Travelex forked out multi-million ransom to restore its systems
After suffering a ransomware attack earlier this year, Travelex reportedly paid a $2.3m ransom payment to get its systems back online after they were encrypted.
Back in January of this year, hackers deployed the Sodinokibi ransomware throughout the foreign exchange company’s network which led it to shut down operations at 1,500 stores around the world.
The cybercriminals behind the Sodinokibi ransomware were able to encrypt the company’s entire network, delete backup files and copy more than 5GB of personal data. To make things worse, this data allegedly contained dates of birth, Social Security numbers and credit card data.
In order for Travelex to recover its files, the cybercriminals demanded a three million dollar ransom and threatened to release the data if they were not paid. When it seemed like the company wouldn’t pay the ransom, they began to post threats on hacker forums saying they would release the data if their demands were not met.
Ransom payment
According to a new report from the Wall Street Journal, Travelex eventually did end up paying a $2.3m ransom to get its network back up and running. A person familiar with the matter told the news outlet of the transaction, saying:
“Travelex, known for its ubiquitous foreign-exchange kiosks in airports and tourist sites around the world, was shut down by a computer virus that infiltrated its networks early this year. It responded by paying the hackers the equivalent of $2.3 million, according to a person familiar with the transaction.”
The company suffered a ransomware attack in early January but it resumed operations on January 17 which suggests that Travelex did in fact pay the ransom to have its files decrypted.
Travelex may be back in business but those whose data was potentially compromised could still be at risk of potential cyberattacks or identity fraud.
After suffering a ransomware attack earlier this year, Travelex reportedly paid a $2.3m ransom payment to get its systems back online after they were encrypted. Back in January of this year, hackers deployed the Sodinokibi ransomware throughout the foreign exchange company’s network which led it to shut down operations at…
