Just before the turn of the year, Travelex, the foreign currency exchange service, suspended their online services and took their systems offline after “a software virus was discovered”. They put out the following notice, which is still displayed on their web site 8 days later.
A similar notice is shown on their Twitter account. The smartphone app has also been suspended while the company’s teams resolve the issue.
According to BBC News, other banks including Barclays, HSBC, Sainsbury’s Bank, First Direct, and Virgin Money have been unable to offer online currency services due to the problems at Travelex. The cyber criminals were reportedly demanding $3m.
“The gang, also known as REvil, claims to have gained access to the company’s computer network six months ago and to have downloaded 5GB of sensitive customer data.” They are using the data to pressurise the company to pay up before they release it into the public domain.
Ransomware attacks are in fact data breaches, as I wrote in an earlier post. This is echoed by the above-mentioned report: “Stealing data essentially gives threat actors additional bargaining chips when it comes to dealing with companies unwilling to pay the ransom. The idea is to weaponise the hefty fines associated with GDPR violations to pressure the company into paying.”
Allegedly, the perpetrators of the attack exploited a vulnerability in software used by the company. This software is Pulse Secure VPN, as I wrote a few days ago.