Cyber criminals target Travelex with £4.6m ransomware demand

Cyber criminals target Travelex with £4.6m ransomware demand

All systems taken offline as a ‘precautionary measure’

UK foreign exchange specialist Travelex remained offline this week after hackers compromised its systems with a ransomware virus.

The firm’s website offered visitors just a statement on the ‘cyber incident’ which took place on New Year’s Eve.

Travelex is a major retailer of foreign exchange with booths in most major airports. The BBC has reported that the criminals are demanding £4.6 million.

Travelex took all of its systems offline as a “precautionary measure” as soon as the breach was discovered to prevent the virus spreading meaning the firm has reverted to operating offline.

The ransomware in question was identified as Sodinokibi, also commonly referred to as REvil, said Travelex.

The firm added in the statement: Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful.

“To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted.

“Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.

“Having completed the containment stage of its remediation process, detailed forensic analysis is fully underway and the company is now also working towards recovery of all systems.

“To date Travelex has been able to restore a number of internal systems, which are operating normally.

“The company is working to resume normal operations as quickly as possible and does not currently anticipate any material financial impact for the Finablr Group.”

Tony D’Souza, chief executive of Travelex, said: “Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise.

“We take very seriously our responsibility to protect the privacy and security of our partner and customer’s data as well as provide an excellent service to our customers and we sincerely apologise for the inconvenience caused.

“Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim. We are working tirelessly to bring our systems back online.”

Travelex added it is in discussions with the National Crime Agency (NCA) and the Metropolitan Police who are conducting their own criminal investigations, as well as its regulators across the world.