The Travelex platform, active internationally for the exchange of currencies, has been hit by a heavy ransomware attack.
It was not a peaceful New Year's Eve for the exchange platform, which has become the latest victim of ransomware. The attacker is a merciless group called Sodinokibi or REvil (a ransomware that functions as software-as-a-service (SaaS)), the same group that hit a dental service last summer. The hackers have demanded a ransom of $3 million in Bitcoin, and the requested amount keeps growing with every second that passes.
According to the press release reported by ComputerWeekly.com, “on December 31, 2019, the company identified a software virus which attacked some of its sensitive information and services. On discovering the virus, the exchange instantaneously switched all its systems offline as a protective measure so as to stop further spread of the virus within its system.”
From the leaked information, the requested ransom would amount to $6 million (741 Bitcoin): initially half that sum, then doubled after 48 hours of silence from the exchange firm. Rumors speak of around 5 GB of stolen data, including highly sensitive information such as details on payment methods, national insurance data, people’s dates of birth, and so on. For its part, the company maintains that users can be considered safe, at least on the basis of what has emerged so far.
When the ransomware hit the platform on December 31, the Travelex website showed a message attributing the downtime to planned infrastructure maintenance. Today came the confirmation that the reason for the outage was different.
The National Crime Agency and the Metropolitan Police are also involved in the investigations aimed at tracing those responsible. The press release also refers to possible economic repercussions for Finablr Group, an Abu Dhabi firm that acquired the platform in 2015.
After completing the containment phase, detailed forensic analyses are still ongoing and the exchange is doing everything possible to restore all systems. So far, Travelex has managed to bring some of its crucial internal networks back online, and they are now functioning as usual.