Travelex Reportedly Paid Ransomware Hackers 285 Bitcoin Worth Over $2 Million


Following a ransomware attack against foreign exchange company Travelex earlier this year, the company reportedly paid a hefty, multimillion-dollar sum to hackers in the form of hundreds of bitcoin.


Citing a source familiar with the details of the transaction, the Wall Street Journal reported Thursday that the London-based company paid hackers 285 bitcoin for a ransom worth roughly $2.3 million after the attack on New Year’s Eve. Reached for comment by email, a company spokesperson told Gizmodo there was “an ongoing investigation and we have taken advice from a number of experts and will not be discussing this at this time.”

Just days into the new year, Travelex confirmed that it was experiencing service disturbances as a result of what the company described at the time as a “software virus.” The company later identified it as malware known as Sodinokibi. The company initially said that while it didn’t have any indication that customer data had been compromised, it had taken its systems offline. It was able to restore some consumer-facing services shortly after, but international money transfer services were affected for most of January.


“We regret having to suspend some of our services in order to contain the virus and protect data,” Travelex chief Tony D’Souza said in a statement at the time. “We apologise to all our customers for any inconvenience caused as a result. We are doing all we can to restore our full services as soon as possible.”

According to Reuters at the time, the issue so pummeled the company’s operations that Travelex employees were forced to calculate exchange rates with pen and paper. The BBC, reporting in January that it had communicated with the hackers behind the attack, priced the ransom at $6 million. And while Travelex said no data had been hijacked in the attack, the hackers reportedly told the BBC they’d stolen 5 GB of “valuable” consumer data. A spokesperson did not return a request for comment about whether customer data had been stolen.

Cybersecurity experts and government agencies advise against paying ransoms, both because there’s no way of ensuring stolen data will be fully recovered and because it can perpetuate further targeting of organizations—and put a target on the back of an institution that does so.


DISCUSSION

“Cybersecurity experts and government agencies advise against paying ransoms, both because there’s no way of ensuring stolen data will be fully recovered as well as because it can perpetuate further targeting of organizations—and put a target on the back of an institution that does so.”


This is actually a lot less common than they’d like to admit. In fact, I’d go so far as to suggest that this hasn’t been the norm for quite some time.

https://arstechnica.com/information-technology/2019/08/how-insurance-companies-are-fueling-a-rise-in-ransomware-attacks/

It’s also been the case that cybersecurity firms have simply been acting as literal middlemen, negotiating with attackers and paying ransoms to preserve the dignity of victimized companies.

https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/

Obviously every situation is different, but the unfortunate reality is that many organizations have made mistakes (e.g., poor backup strategies) which leave them little wiggle room when they fall prey to these kinds of attacks.