Yusuf On Security

Security news, opinion and advice

Travelex goes offline as it suffers ransomware attack, criminals were demanding $3m

Just before the turn of the year, Travelex, the foreign currency exchange service, suspended its online services and took its systems offline after “a software virus was discovered”. They put out the following notice, which is still displayed on their web site 8 days later.

A similar notice is shown on their Twitter account. The smartphone app has also been suspended while the company’s teams resolve the issue.

According to BBC News, other banks including Barclays, HSBC, Sainsbury’s Bank, First Direct, and Virgin Money have been unable to offer online currency services due to the problems at Travelex. The cyber criminals were reportedly demanding $3m.

“The gang, also known as REvil, claims to have gained access to the company’s computer network six months ago and to have downloaded 5GB of sensitive customer data.” They are using the data to pressurise the company to pay up before they release it into the public domain.

Ransomware attacks are in fact data breaches, as I wrote in an earlier post. This is echoed by the above-mentioned report: “Stealing data essentially gives threat actors additional bargaining chips when it comes to dealing with companies unwilling to pay the ransom. The idea is to weaponise the hefty fines associated with GDPR violations to pressure the company into paying.”

Allegedly, the perpetrators of the attack used a vulnerability in software used by the company. This software is Pulse Secure VPN, as I wrote a few days ago.

 

Author
Yusuf