Travelex Ransomware Attack
As the Travelex ransomware attack enters its third week of shutdown, conflicting statements, inconsistencies and general vagaries permeate both news reporting and the company’s public communications. Despite the company’s best efforts – things aren’t looking rosy for Travelex.
First detected on New Year’s Eve, the ransomware known as Sodinokibi/REvil, began spreading through the company’s networks. Responding by taking these systems offline, Travelex has since been debilitated by the attack.
The hackers responsible claim to have had access to systems for six months, during which time they also claim to have exfiltrated around 5GB of sensitive customer data. An assertion that Travelex are currently denying or are as yet unaware of: “There is still no evidence to date that any data has been exfiltrated.”
The vulnerability that allowed the attack stems from unpatched Pulse Secure VNP servers. Originally exposed around April of last year, security experts reportedly warned Travelex of the potential attack vector in mid-September, but to no response.
“We take very seriously our responsibility to protect the privacy and security of our partner and customer's data…we are working tirelessly to bring our systems back online”
Tony D'Souza, Travelex Chief Exec
With the supposed theft of national insurance numbers, credit card info and other sensitive data, Travelex are also yet to confirm reports of a ransom being demanded or the progress of the reported negotiations. Although, based on information gathered by the BBC, the hackers are demanding around £4.6 million for the safe release of data, under threat of the information being auctioned or deleted.
With over 1,2000 retail branches, the currency giant is also responsible for the exchanges of partners such as Barclays, Sainsbury’s Bank, Tesco and Virgin Money. All of whom, are now unable to process customer requests, leaving many winter holidaymakers in an unfortunate position.
Yet to confirm whether they are negotiating with the hackers, Travelex are also yet to give an indication of likely recovery time. With stores forced to rely on manual exchanges, the company is undoubtedly struggling to make sense of what has happened.
Originally displaying a ‘routine maintenance’ message on their downed website, ransomware victims are now publicly acknowledging the Metropolitan Police and National Crime Agency’s (NCA) involvement in the case.
As well as these serious issues, the Information Commissioner’s Office (ICO) has stated that it is yet to receive a data breach report regarding the attack. A procedure, that in the case of a data breach, should be completed within 72 hours of it becoming known.
Whether this is because the status of data is still unknown or is an attempt to protect reputation and minimise perceived liability, Travelex would be making a serious mistake in ignoring basic data protection processes; especially considering the fines that could be levied against them at a time of instability.
The lasting damage of the Travelex ransomware attack remains to be seen, but it is yet another example of how information security vulnerabilities can damage the operations of any business. Regardless of whether Travelex are forced to pay a ransom in exchange for a decryption key, executives at the company are going to be asking themselves some difficult questions about their past and future approach to information security.
Security Awareness for your Organisation
Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.
Malware is a persistent threat that can affect every aspect of our digital lives. Identifying, avoiding and removing it are essential to your information security.
How can simulated phishing attacks improve your organisation's security awareness? Blog from information security awareness training provider Hut Six.
The CIA triad consists of three principles upon which professionals typically focus. Blog by Information Security awareness training provider Hut Six.
Will Certificate Transparency Help to Rebuild Confidence in Certificate Authorities? Blog by information security training provider Hut Six Security
In 2018 it was discovered thousands of websites had been hijacked by crypto-mining code, known as a "Cryptojacking" attack. Including UK Gov and ICO websites.
Spear Phishing Part 3: With 50% of receivers clicking on an attachment or link, users are 10 times more likely to make this mistake than with generic phishing emails.
Can the introduction of the confirmation of payee requirement reduce APP scams? Blog by cybersecurity awareness training provider Hut Six.
Spear phishing is one of the most effective ways of gaining sensitive information. These highly targeted attacks use your personal information against you.
Human Rights and the Growing Surveillance Economy: Surveillance capitalism can mean your information being sold to the highest bidder. Blog by Hut Six
HP firmware issue: The technology manufacturer Hewlett Packard has announced a firmware issue that could affect thousands of enterprise users. SSDs sold by the company are at risk.