Posted on April 10, 2020 at 5:27 PM
Travelex Paid $2.3 Million Ransom to Regain its Data
Reports revealed that Travelex may have paid $2.3 million ransom to the Sodinokibi ransomware attackers to get their systems back online.
During the attack on December 31 last year, the hackers infiltrated Travelex’s systems and networks with Sodinokibi ransomware, which caused them to shut down about 1,500 stores across the world.
The actors behind the ransomware attack revealed that they copied more than 5 GB of personal data, deleted backup files, and encrypted Travelex’s entire network.
They demanded a ransom of $3 million from Travelex if the company hopes to recover the files. The threat actors also reiterated that they would go public with their stolen files from the company if the ransom were not paid within a stipulated amount of time.
When the time given to Travelex to pay the ransom had elapsed, the hackers started threatening the company on darknet forums. They requested for the bounty and told Travelex that it risks losing a lot of data and exposing its customers if the ransom were not paid.
Payment of $2.3 million ransom
The Wall Street Journal recently reported that Travelex has reportedly agreed to the hackers’ demands by paying a $2.3million ransom to take back its systems.
The report revealed that Travelex, which is renowned for its tourist sites and ever-present kiosks around the world, was recently shut down by a virus. However, the company reacted by yielding into the hackers’ demands and paid an equivalent of $2.3 million.
Travelex is the largest foreign-exchange provide in the world. According to a close source on the situation, the company paid the ransom amount in Bitcoin.
Hackers revealed earlier that Travelex has paid the ransom
The report collaborates with the information circulating in January that the company resumed its worldwide operations on January 17 after paying the ransom. The rumor has been circulated after Travelex suddenly resumed full operations without any information from the company regarding the data compromise.
However, the Sodinokobi hackers revealed that Travelex has paid the ransom, but there were no specifications on the amount or the proof of payment made.
When Travelex was contacted by the press for a statement regarding the hackers’ claims, the company said the situation is still under investigation. As a result, it’s not going to comment on the matter.
“There is an ongoing investigation. We have taken advice from a number of experts and we are not going to discuss this,” the company said.
The attack on Travelex shows the importance of promptly notifying the public on cyberattacks and the need to be transparent on the situation. Security experts believe that if Travelex has been open about the attack from the beginning, the hackers would not have gone very deep to encrypt the company’s systems.
Treating all ransomware attacks as data breaches
As ransomware hackers are always infiltrating sensitive data before encrypting the systems, it’s necessary to treat all ransomware attacks as data breaches. The affected firm should also send notifications immediately to those who could assist in exposing their activities.
Although Travelex can succeed in restoring its systems, those who are already exposed could be the subject of future attacks.
Also, paying the ransom does not always guarantee that the hackers would respond fairly and release the exposed data. They could still copy the data and use it for future attacks on the users whose details have been exposed.
Transparency on attacks could help to curb attacks
The hackers did not only infiltrate the systems. They also locked Travelex out with an encryption key. Once locked, they demanded the ransom before returning the decryption key to regain access to the data.
According to security experts, the best option is to be as transparent as possible whenever there is any data breach. When the information about the breach reaches the right people, they could help to trace the hackers and provide possible practical solutions to the situation.