According to sources quoted by The Wall Street Journal on April 9, the UK firm’s networks were infiltrated by cybercriminals with a ransomware injection in the new year eve of 2020. The company is known for its chain of foreign-exchange kiosks located in airports and tourist sites around the world.
Travelex confirmed the attack to the press shortly after it happened. They did not, however, disclose that they paid a ransom of around 285 BTC, after having their systems offline for several weeks.
The attack, called Sodinokibi (or “REvil”), is a malware attack that began leaking stolen data earlier this year from various companies, such as CDH Investments and the aforementioned London-based company.
COVID-19 ransomware attacks increasing
U.S. officials have warned that hackers are more active amid the COVID-19 pandemic, which has forced many company employees to work from home.
The report says that cybercriminals are looking for vulnerabilities in corporate networks, which are not being as closely monitored at the moment due to the widespread global lockdowns.
Criminal investigations still ongoing
A Travelex spokesman consulted by the WSJ clarified that investigations by British authorities are still ongoing, although he declined to comment further on the ransomware attack.
It is worth noting that it is not illegal to pay ransoms in the United Kingdom. However, the U.K.’s National Crime Agency highly recommends that victims refrain from giving into the demands of criminals, noting that this only serves to incentivize them further.
Following a ransomware attacks upon international exchange business Travelex beginning of this year, this company repeatedly paid a massive, multimillion-dollar amount to hackers in the form of hundreds of bitcoins.