Travelex ordered to pay $3m ransom by cybercriminals
The hackers behind a cyber-attack on foreign exchange firm Travelex are demanding a $3 million ransom to release their grip on its systems.
Computer Weekly and Bleeping Computer have confirmed that Travelex was attacked with the Sodinokibi ransomware.
Also known as REvil, the ransomware was first seen in April 2019 and has been used by criminal groups with links to both Syria and Iran.
A readme file seen by ComputerWeekly has instructed Travelex to pay a ransom in bitcoin through a website with a domain based in China.
The group behind the attack told Bleeping Computer that they had encrypted the entire Travelex network and copied more than 5GB of personally identifiable information (PII), including dates of birth, social security numbers, card information and more.
If Travelex fails to pay the ransom before the group's deadline, which may have started on New Year's Eve when the attack occurred, the data will be published.
Security researcher Kevin Beaumont posted on social media that Travelex is using the Pulse Secure VPN enterprise solution, patched in 2019 against what he calls "an incredibly bad" vulnerability.
According to Beaumont, the flaw can allow those without valid usernames or passwords to remotely connect to a corporate network and switch off multi-factor authentication controls.
Despite reports that the downtime has been caused by a cyber-attack, communications from Travelex have maintained that the issues are due to scheduled maintenance, and that a “software virus” had compromised “some” of its services.
The firm, which provides currency exchange services for consumers as well as banks like HSBC, Barclays, and Virgin Money, has told customers that it is “working around the clock” to fix the issues.
First Direct, Barclays, Sainsbury's Bank and Virgin Money have all suspended their currency exchange and travel money services.
Travelex claims to process around 5,000 currency transactions every hour, and has a presence in 70 countries worldwide. It operates 1,200 branches and 1,000 ATMs.
The firm has said that customers may still be able to access money changing services manually with its in-branch tellers.