Wednesday 22 January 2020

Foreign currency firm Travelex 'being held to ransom' by cyber attackers as Ireland warned of Windows 7 vulnerability

A Travelex at Heathrow Airport (Steve Parsons/PA)
Adrian Weckler

The foreign exchange firm Travelex is currently being held to ransom by cyber attackers who say they will expose sensitive customer details unless the London-based firm pays over millions to the thieves.

Travelex, which is one of the world’s biggest specialist currency exchange firms for travellers, says that the cyber attack is the ransomware virus Sodinokibi, also known as REvil. Its online currency exchange feature is still unavailable to visitors.

The hackers are reported to be looking for €5 million to release the company from their grip. They claim to have possession of credit card information, dates of birth and national ID numbers.

"In the case of payment, we will delete and will not use that database and restore them [Travelex] the entire network," the gang told the BBC.

"The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."

However, Travelex has moved to downplay the threat, claiming that the level of customer data exposure is minimal.

“Whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted,” the company said in a statement. “While Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.

“Whilst the investigation is still ongoing, Travelex has confirmed that the software virus is ransomware known as Sodinokibi, also commonly referred to as REvil. Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful.”

The company statement said that the issue was first discovered on New Year’s Eve.

“On discovering the virus, and as a precautionary measure, Travelex immediately took all its systems offline to prevent the spread of the virus further across the network.”

Ransomware works by hackers targeting companies with malicious programs that can cripple systems overseeing everything from supply chains to payments to manufacturing, removing them only after receiving substantial payments.

Two years ago, Ireland faced a ransomware epidemic partially due to out-of-date Windows software on Irish PCs. The malware, including Wannacry, shut down HSE services and caused a number of small businesses to pay criminals hundreds or thousands in cash to unlock their PCs.

One in five Irish PCs currently face security worries from next Tuesday when Microsoft withdraws security support from computers running Windows 7.

The security shutoff means that if a Wannacry-style virus is released in the coming weeks or months, Windows 7 desktops and laptops will have reduced defences, leading to a potentially large loss of data.

Although Microsoft has been warning about the January 14 date for over a year, 19.3pc of Irish Windows PCs still use Windows 7, according to Statcounter.

Online Editors