Travellex Hit By Ransomware
Travellex is one of the world’s largest foreign exchange companies firms and has some 800 retail branches based in 26 countries around the world. It provides Forex services to a number of supermarket retail banks in the UK including Sainsbury’s Bank and Tesco Bank. The business is well represented at major airports and it is estimated that 40% of passengers flying annually, approximately 1.7 billion travellers, will fly from airports with a Travellex outlet. The firm was established in 1976 in the UK by Lloyd Dorfman and it is estimated to have revenues in excess of £765 million. The company also provides online, retail foreign exchange services.
Travellex has been hit by a group of hackers which struck on New Year’s eve. Travellex has responded by taking its computer systems off-line which, naturally, has caused considerable disruption for its customers and partners. The hackers have inserted a “ransomware” trojan into the system, a virus known as Sodinokibi (also called REvil). The hack has led to the partial encryption of some data held on the Travellex system, but the corporation has not disclosed exactly what information has been affected although they maintain that there is no evidence that customer data has been compromised.
The hackers are demanding that Travellex pays them $6 million for them to decrypt the affected data. Whilst the computers remain off-line, retail outlets are resorting to paper recording to allow them to continue to offer services – clients using the online system are being forced to wait to get the currencies that they ordered before the attack.
In communications with the BBC, the hackers have claimed that the breach started six months ago and that they have compromised or downloaded 5 GB of sensitive customer information including customer dates of birth; credit card details; and even national insurance numbers.
There has been no statement as to whether or not Travellex would submit to the hackers’ demands.