Travelex Says No Evidence of Hack in $6 Million BTC Ransom Case

Reading Time: 2 minutes

Travelex has credited swift action for containing the virus that hit their systems on December 31, which hackers are demanding $6 million in BTC to disinfect. The foreign exchange processor released an update on Tuesday, stating that their systems had indeed been infected by a group of hackers called the Sodinokibi gang, but that the immediate disconnection from the network of their internal systems ensured that the virus was contained. As a result, the company has refuted claims by the hackers that sensitive information, including customer details, have been compromised.

Not So Happy New Year for Travelers

News of the Travelex hack came on Friday, three days after the virus disabled the company’s IT systems, leaving customers unable to receive their funds and staff working with pen and paper. The attack, timed to strike when most staff were on holiday, encrypted critical business files and left instructional documents on infected computers, giving a Bitcoin address and a ransom that went up with every missed payment deadline.

The message from the hackers, also known as REvil, stated that they gained access to the company’s computer network all the way back in June and had downloaded 5GB of sensitive customer data, including dates of birth, credit card information, and social security details, which they would sell on the dark web unless the ransom was paid. However, Travelex denied that there had been such a leak:

To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.

Busy Times Ahead for Travelex

The next few days will be extremely important as Travelex wades through the impact and severity of the breach. Despite technically occurring on New Year’s Eve, the breach can be considered the first of 2020, and represents the same type of tactics seen last year, in which private and public companies were targeted, including numerous American cities and service providers to them.