Travelex website was hit by Sodinokibi ransomware

News
By
published

Foreign currency firm facing demand to release its systems

(Image credit: Shutterstock.com / ymgerman)

Travelex has confirmed that a major cyberattack that took its business offline last week was caused by ransomware.

The foreign exchange giant has revealed it was hit by the notorious Sodinikibi ransomware in an attack on New Year's Eve, with the criminals behind the attack demanding a $6m payment to restore stolen files.

Travelex was forced to take down its websites in 30 countries in an attempt to try and control the attack, with customers across Europe, Asia and the US still unable to gain online access to their accounts.

Ransom

The group behind the attack, known as REvil, claim to have gained access to Travelex's network six months ago. 

REvil says it has a 5GB stash of downloaded information from the company, including customer dates of birth, credit card information and national insurance numbers.

"In the case of payment, we will delete and will not use that (data)base and restore them the entire network," the group said in a statement.

"The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base."

Travelex may be set to face further punishment after the ICO revealed it had not received a data breach notice from the company. Under GDPR legislation, organisations must notify the ICO within 72 hours - unless the breach is deemed not to pose a risk to people's rights and freedoms.

Failure to comply could cost Travelex millions in fines, with the ICO able to issue a fine of four percent of an offender's global turnover.

"If an organisation decides that a breach doesn't need to be reported, they should keep their own record of it and be able to explain why it wasn't reported if necessary," the ICO added.

Travelex says it is working with the Metropolitan Police alongside its own teams of IT specialists and external cyber-security experts to investigate the attack.

"On Thursday, 2 January, the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange," the Met said in a statement. "Inquiries into the circumstances are ongoing."

Via BBC

TOPICS
Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest in Security
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
An American flag flying outside the US Capitol building against a blue sky
Mass federal layoffs will have “devastating impact on cybersecurity, former NSA cybersecurity director warns
A hand reaching out to touch a futuristic rendering of an AI processor.
North Korean fake job hackers are going the extra mile to make sure their scams seem legit
A hand reaching out to touch a futuristic rendering of an AI processor.
Google Cloud unveils new AI Protection security tools, no matter which model you use
A TV remote pointing at YouTube logo
YouTube warns of phishing video using its CEO as bait
Latest in News
Apple MacBook Air M3
The M3 MacBook Air is officially discontinued, but the M2 MacBook Air will live on elsewhere and that's good news
Stock photographs of people smiling and looking at laptops in a small business environment.
This web hosting platform elevates your online presence
The Samsung Galaxy S25 Edge on display at Galaxy Unpacked
Exclusive: the Samsung Galaxy S25 Edge will have durability to match its ‘sexy’ form
Metaphor: ReFantazio
Sega was Metacritic's highest-rated publisher of 2024 thanks to the critically acclaimed Metaphor: ReFantazio and Like a Dragon: Infinite Wealth
AirPods Pro Review
Apple has quietly updated its guidance on how to clean your AirPods, and suggests you buy a kit… from Belkin
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
More about security
linkedin

Watch out - that LinkedIn email could be a fake, laden with malware
China

Chinese hackers who targeted key US infrastructure charged by Justice Department
Apple MacBook Air M3

The M3 MacBook Air is officially discontinued, but the M2 MacBook Air will live on elsewhere and that's good news
See more latest
Most Popular
Apple MacBook Air M3
The M3 MacBook Air is officially discontinued, but the M2 MacBook Air will live on elsewhere and that's good news
Micron PCIe 6.x SSD
Micron just demoed the world's fastest SSD with PCIe 6.x tech, a sequential read speed of 27GB/s, and yes, it's just a prototype for now
Xiaomi SU7
Xiaomi's EV is racing ahead of Tesla in China – and it's planning a global Model Y rival next
Macrodock M1 docking station
This cute docking station has LCD macro keys and can even power an 8K monitor - but what nailed it are the rotary knobs
linkedin
Watch out - that LinkedIn email could be a fake, laden with malware
The Mound: Omen of Cthulhu
Ace Team announces The Mound: Omen of Cthulhu, a new first-person horror co-op coming to PS5, Xbox Series X, and PC this year
Styx: Blades of Greed
Styx the goblin returns in Styx: Blades of Greed later this year
Robocop: Rogue City
RoboCop: Rogue City's new standalone expansion Unfinished Business announced at Nacon Connect 2025
Cthulhu: The Cosmic Abyss
Cthulhu: The Cosmic Abyss is a new first-person thriller from the studio behind Vampire: The Masquerade - Swansong
RISC-V
Startup formed by former Intel engineers and backed by AMD legendary chip designer wants to become the Arm of RISC-V