Travelex, which is a foreign currency exchange business, was hacked. The attackers demanded a Bitcoin ransom worth $6 million. This is just one of the victims in a chain of countless ransomware attacks that look for payouts in crypto.
A network breach happened and Travelex ended up going dark. Based on BBC reports, hackers launched this attack during New Year’s Eve. As a result, the firm ended up having to power down all websites and systems.
This attack was well-planned. It was timed so that it hit Travelex when most of the staff was away for holidays. Travelex currently has operations in over 30 countries, covering 1,200 branches around the world. Most of these ended up having to operate manually due to the ransomware attack.
Travelex did assess a part of the issue on Twitter:
Responsibility for the ransomware attack was took by Sodinokibi and the hack wanted a payment of $6 million. It was highlighted that the payment needed to be done in BTC. This would be done through a site that was registered in the country of China.
After settled, the ransomware attackers agreed to offer the decryption tools needed by the IT staff to solve the problem. The ransomware could thus be disabled and the entire network would be accessible again.
Reports showed that computers with confidential information like bank account names and transaction details were exposed through the malware. Many UK based companies that were relying on the forex services of Travelex were affected. This includes HSBC, First Direct, Asda Money, Virgin Money and Sainsbury’s Bank. Customers were locked out of the Travelex app and couldn’t access funds. Transactions were unavailable with the use of Travelex currency cards.
The ransomware group is called REvil. It first appeared during April 2019 and offered criminals the opportunity to actually rent ransomware. REvil just requested a percentage of the profit.
A part of the ransom note said:
“If you do not co-operate with our service – for us it does not matter. But you will lose your time and your data, cause just we have the private key. In practice time is much more valuable than money.”
In 2019, there were countless ransomware attacks appearing. It is possible that this will continue all throughout 2020.