Wednesday, 20 January, 2021
Cryptocurrencies

Travelex Repeatedly Paid Ransomware Hackers About 285 Bitcoins It’s Worth More Than £2 Million

632Views

Citing a source familiar with the details of the transaction, the Wall Street Journal reported on Thursday that the London-based company paid hackers 285 bitcoin for a ransom worth roughly $2.3 million (£1.8 million) after the attack on New Year’s Eve. Reached for comment by email, a company spokesperson told Gizmodo there was “an ongoing investigation and we have taken advice from a number of experts and will not be discussing this at this time”.

Just days into the new year, Travelex confirmed that it was experiencing service disturbances as a result of what the company described at the time as a “software virus”. The company later identified it as a malware referred to as Sodinokibi. The company initially said that while it didn’t have any indication that customer data had been compromised, it had taken its systems offline. It was able to restore some consumer-facing services shortly after, but international money transfer services were affected for most of January.

“We regret having to suspend some of our services in order to contain the virus and protect data,” Travelex chief Tony D’Souza said in a statement at the time. “We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible.”

According to Reuters at the time, the issue so pummelled the company’s operations that Travelex employees were forced to calculate exchange rates with pen and paper. The BBC, reporting in January that it had communicated with the hackers behind the attack, priced the ransom at $6 million (£4.8 million). And while Travelex said no data had been hijacked in the attack, the hackers reportedly told the BBC they’d stolen 5 GBs of “valuable” consumer data. A spokesperson did not return a request for comment about whether customer data had been stolen.

Cybersecurity experts and government agencies advise against paying ransoms, both because there’s no way of ensuring stolen data will be fully recovered as well as because it can perpetuate further targeting of organisations – and put a target on the back of an institution that does so.

3 Comments

  • Thank you for some other informative website. Where else may I am getting that type of info
    written in such a perfect means? I’ve a project that I am just now
    operating on, and I’ve been on the look out for such info.

  • Hi there, just became aware of your blog through Google, and found that it is really
    informative. I am gonna watch out for brussels.
    I will appreciate if you continue this in future.
    Lots of people will be benefited from your writing.
    Cheers!

Leave a Reply

Enable Notifications    Ok No thanks