Hackers demand $6M from largest retail currency dealer in ransomware attack

Travelex is currently dealing with a ransomware attack that’s forced the company to suspend its online services.

Ransomware locks computer systems by encrypting files, with hackers then demanding payment in exchange for a decryption key. In the case of Travelex, hackers are ordering the London-based firm to cough up cash not only for the decryption key, but also to prevent the publication of various customer data that includes payment card information, the Financial Times reported on Tuesday, January 7.

The BBC said hackers claiming to be behind the attack are asking Travelex to pay $6 million to regain control of their systems, though the company is yet to confirm this.

The malware attack on the world’s largest retail currency dealer was discovered on New Year’s Eve, with Travelex publicly confirming the incident on January 3. The hackers told the BBC they accessed the company’s computer systems last summer and downloaded 5GB of customer data, which they are now threatening to expose.

Travelex said last week that when it learned of the incident at the end of December, it immediately took all of its systems offline as “a precautionary measure in order to protect and prevent the spread of the virus.” But the disruption is also preventing partner companies from selling foreign currency online.

In an update released by the company on January 7, Travelex named the malware as Sodinokibi, also commonly referred to as REvil. It said it had “proactively taken steps to contain the spread of the ransomware, which has been successful,” but added that it “does not yet have a complete picture of all the data that has been encrypted” by the hackers.

Despite the hackers’ reported threat to publish customer data if Travelex fails to pay the ransom, the company said it had no evidence yet that any data had been stolen.

Chief executive response

Parts of the Travelex website are still working, but any attempt to make a transaction takes customers to a press release that includes a message from Tony D’Souza, chief executive of Travelex.

In it, D’Souza says: “Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise. We take very seriously our responsibility to protect the privacy and security of our partner and customers’ data, as well as provide an excellent service to our customers, and we sincerely apologize for the inconvenience caused.”

D’Souza said Travelex is continuing to offer services to its customers on a manual basis and in the meantime will provide alternative customer solutions. “We are working tirelessly to bring our systems back online,” the chief executive added.

The company is currently working with the U.K.’s National Crime Agency and the Metropolitan Police, who are carrying out their own investigations into the incident.

Trevor Mogg
Contributing Editor