Travelex, the World's Largest Currency Exchange, Was Hacked

Travelex Ransomware Attack

Travelex was founded more than forty years ago. With over 9 thousand employees and thousands of locations spread all around the world, it's widely regarded as the biggest foreign exchange company on the planet. You might think that such a large organization would be as good as immune to cyberattacks and that if it did suffer one, it would recover quickly. You need to think again.

Travelex suffers a destructive ransomware attack

On December 31, Travelex found out that its systems had been infected with a ransomware strain called Sodinokibi (a.k.a. REvil), and to prevent it from spreading further, the company took its entire IT infrastructure offline. Online orders were put on hold, and employees working at the currency exchange's physical locations were forced to revert to using pens and pieces of paper. Travelex's close relations with some of the UK's leading banks meant that financial institutions started turning away customers who wanted to use foreign currency. Even some supermarket chains were affected.

Nobody was really sure what had happened at first, but on January 7, Travelex finally announced that it'd been hit by cybercriminals. Not surprisingly, quite a few questions were fired off, and spokespeople for the crippled exchange had their work cut out trying to convince everybody that everything would be back to normal "as soon as possible." Right now, however, more than two weeks after the ransomware strain was deployed, Travelex has only just started powering some of its systems back up.

There's not much in the way of details around how the attack was actually pulled off, but it's pretty clear that the people who infected Travelex knew what they were doing. And the fact that such a big, powerful organization is taking so long to recover clearly shows how destructive modern ransomware attacks can be. The whole story can also serve as proof that big companies don't seem to be very well prepared for the online threats that have the power to bring their entire business to its knees.

Quite a few questions remain unanswered

As we mentioned already, there are virtually no details on how the hackers infiltrated Travelex's systems, what they did, and how the currency exchange responded. In fairness, the investigation is still ongoing, and Travelex might have good reasons for withholding the information, but even with that taken into consideration, the post-incident response still leaves quite a few people disappointed.

There's no indication of why it took Travelex a full week to admit that its data had been encrypted by ransomware. The company isn't too keen on sharing how much of its infrastructure was affected, either.

January 7's press release, for example, explicitly states that "structured personal customer data" has not been encrypted by the ransomware, but it says nothing about whether that data was stolen. At the same time, people who claim to be responsible for the attack told the BBC that they have over 5GB of personal customer information, which they intend to sell if Travelex doesn't pay the £4.6 million (about $6 million) ransom. A week after the BBC's report, Travelex's comments on the hackers' threats remain ambiguous.

In his recent comments on the difficulties he encountered while trying to disclose a data breach at a Nigerian betting platform, cybersecurity expert Troy Hunt reiterated that people shouldn't be too harsh on companies that suffer cyberattacks. They should, however, be very critical of organizations that don't handle the problem as transparently and as responsibly as possible. It looks like those working for large organizations like Travelex have yet to completely wrap their heads around this.

January 14, 2020