On December 31st, 2019, New Year’s Eve, Travelex, a foreign currency exchange company, announced that their website was down due to maintenance. A week later, the U.K.-based company announced that they had been hit by the Sodinokibi ransomware, also known as REvil, forcing them to take down their website.
The hackers demanded £4.6 million and threatened that otherwise all of the data they had retrieved would be exposed on the internet or sold on the dark web. A month later, The Wall Street Journal was able to confirm that the company paid $2.3 million in ransom to retrieve their data and recover.
Media outlets claim that Travelex failed to report the complete story of the attack, such as how much ransom was being demanded, and also failed to patch their VPN servers until the last second. Although the FBI and U.S. Department of Homeland Security repeatedly warned them about such attacks, Travelex failed to implement the technology to combat such cyber crimes.
The attack lasted a month, until the end of January, throughout which the company could not access much of their data and computer systems. However, because the company was so large, it was able to stay in operation and continue to do business with their currency exchange customers.
Sodinokibi, or REvil, is a ransomware-as-a-service (RaaS) operation that targets any business vulnerable to such attacks. It was discovered in April 2019, only months prior to this attack, and is known to be the successor of GandCrab, another RaaS model that made $12 billion from cyber attacks. Although there is no exact number as to how many people REvil has affected, it is said that in the span of 12 months, this ransomware has affected many individuals and businesses.
Fast forward six months, and the company is still facing challenges despite getting their data back. With such an expensive attack, along with the Coronavirus pandemic, Travelex is facing business issues which are jeopardizing everyday operations. Their credit ratings have tanked to junk status, and their parent company, Finablr, is facing its own problems, so it is unable to support Travelex. Experts claim this is a good example of why you should never pay a ransom and should always keep your technology updated. No comments were made as to what steps Travelex will be taking to improve technology and services.