Travelex names REvil as the ransomware that crippled its services and left clients stranded without money

On New Year’s Eve, Travelex, the foreign exchange company, shut down some of its services due to a ransomware attack, stranding travellers without access to money.

Now it has named the virus as Sodinokibi, also known as REvil.

Travelex discovered the virus on December 31 and suspended its online services to prevent further spread of the malware.

In a statement, Travelex claimed that its efforts to contain the REvil strain have been successful and that no personal customer data has been encrypted, although the company did note that some data had been encrypted, without specifying what type.

Travelex stated that a forensic analysis is underway and that the enterprise is working on recovering all systems, having already got some systems up and running.

Travelex is in discussions with the National Crime Agency and the Metropolitan Police who are conducting their own criminal investigations, as well as its regulators across the world.

Travelex did not currently anticipate any material financial impact for the Finablr Group, Travelex’s owner, which also has companies such as money transfer company Unimoni and digital bank Ditto under its umbrella.

“Our focus is on communicating directly with our partners and customers to protect them and their information from any further compromise,” said Tony D’Souza, CEO of Travelex.

“We take very seriously our responsibility to protect the privacy and security of our partner and customer’s data as well as provide an excellent service to our customers and we sincerely apologise for the inconvenience caused. Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim. We are working tirelessly to bring our systems back online.”

Travelex’s customers have not taken the news about the service outage quietly. Several of them have vented their frustration on social media, asking how much data has been compromised and asking for their money back as well as for compensation for the inconvenience caused.

As of Wednesday January 8, Travelex’s site was still down, only showing the statement about the hack attack.

Customers were still taking their anger about not being able to access funds to social media.

“Currently in Barcelona with no euros,” one customer tweeted. “A simple email to the inform me would have allowed me to plan. Instead I turned up at the desk to be told you have to rebuy your euros at 1 for 1. Have already dmed [sic] this account to no reply.”

Travelex is not the only company to have been affected by REvil. The virus was used in December to attack US-based data centre provider CyrusOne.

In early January, a researcher warned that organisations that use Pulse Secure VPN might be facing huge ransomware attacks unless they patch their programs now.

Copyright © 2018 RegTech Analyst