UK-based currency exchange site Travelex is the latest victim of suspected cybercriminals demanding Bitcoin (BTC) ransom. The BBC reports that the alleged hackers want $6 million in BTC in exchange for the decryption of the company’s hacked files.
According to the BBC, currency exchange giant Travelex suffered a cyber attack on New Year’s Eve forcing the firm to temporarily shut down its online operations until further notice. The hackers chose to strike during the holidays at a time when most members of staff were away from their desks.
Reports say the hackers are demanding a bitcoin ransom worth $6 million in return for the encryption to Travelex’s currently commandeered system. The hackers have allegedly stolen about 5 gigabytes worth of private customer data.
Travelex alerted the public to the situation via a tweet posted on Thursday (January 2, 2020). Since going public with the breach, the company has continued to provide updates on the situation, releasing a press statement on its website on Tuesday (January 7, 2020).
According to the press release, the hackers used the Sodinokibi ransomware which is also known as REvil. AN excerpt from Travelex’s announcement reads:
“Travelex has proactively taken steps to contain the spread of the ransomware, which has been successful. To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated.”
Commenting on the situation, Tony D’Souza, the Travelex CEO, said the company is working towards bringing its systems back online. D’Souza also said Travelex is working with law enforcement but gave no indication of whether the company will pay the bitcoin ransom.
Travelex, a UK based currency exchange site has over 1,200 branches worldwide with operations in more than 30 countries. Since the hack on its software, the firm has been forced to operate manually
Ransomware and Cryptojacking Still a Menace
The group behind the ransomware. REvil or Sodinokibi, first surfaced in April 2019. Allegedly, they offered their ransomware to criminal organizations in exchange for a cut of the profits.
Despite the unfortunate situation Travelex is faced with, the firm is not the first to suffer attacks from ransomware and hackers demanding payment in bitcoin in exchange for regaining access to their systems.
Back in October 2019, BTCManager reported a hack on the Spanish city of Jerez de la Frontera. The hacker seized access to the city’s computer systems making it impossible for city authorities to conduct any form of online operations. The Jerez de la Frontera hackers also demanded a bitcoin ransom.
Florida’s Riviera Beach also suffered a similar fate with hackers attacking its servers back in June 2019 demanding a bitcoin ransom worth $700,000 at the time. Bitcoin ransomware is only one of the many avenues open to cybercrime syndicates looking to profit off the crypto industry. Other popular attack vectors include cryptojacking and phishing attacks.