Travelex paid $2.3 million in BTC to hackers in January after an exploit on New Year’s Eve crippled the foreign exchange operator’s network. This figure, confirmed by the Wall Street Journal, is much less than the $6.6 million that the hackers were initially demanding, and the payment was made in the form of ₿285.
Ransom Paid, Despite No Guarantees of Data Retrieval
Travelex was hit by a group of hackers called the Sodinokibi gang, who infected the company’s network with a virus of the same name that disabled its IT systems, leaving staff working with pen and paper and customers complaining of not receiving funds. Travelex reacted quickly and managed to restrict the amount of data that was compromised, which is perhaps the reason behind the reduced ransom amount.
According to the Wall Street Journal, the company consulted with security experts and decided to pay the ransom in early January, despite knowing that doing so would not guarantee access to the files: hackers have previously broken their own decryption keys, leaving data encrypted forever.
Travelex Able to Get Service Back Online
Thankfully for Travelex this seems not to have been the case, and they were able to get many of their systems up and running by mid-February. The nature of the data stolen has not been revealed by the hackers or Travelex themselves, with the company only stating back in January that there was “no evidence” that customer data had been compromised.
The firm almost certainly faces a fine from the UK’s data protection office, the Information Commissioner’s Office (ICO), with the size of the fine dependent upon the amount and sensitivity of the data stolen.
It is not yet known whether it has been possible to track the Bitcoin transaction, although it is likely that the recipients sent it immediately to a mixing service or otherwise disguised it to avoid detection.