Travelex cyberattack caused by Sodinokibi ransomware

Initial reports that the cyberattack against foreign exchange company Travelex was the work of a computer virus, and that no personal data was compromised, appear to have been wrong, new findings suggest.

According to Bleeping Computer, the company was infected by the notorious Sodinokibi ransomware, and the team behind the attack is allegedly in possession of more than 5GB of personal data.

Dates of birth, social security numbers, card information and other details were all allegedly stolen, and if the company doesn’t pay the ransom within a week, all of the data will be made public.

The ransom demanded is $3 million, and the one-week deadline is probably expiring today, given that the company was infected on December 31.

Investigating how the attack was made possible in the first place, some researchers came to the conclusion that Travelex was running insecure services before the attack.

The Pulse Secure VPN enterprise solution for secure communication was mentioned as a severely flawed tool that the company used without patching known and dangerous vulnerabilities. The VPN company, however, denies all of it, saying it does not have any data about the attacks.

"As of now, we are unaware of receiving reports directly from customers about this derivative exploit – no firsthand evidence," Pulse Secure told BleepingComputer.

Travelex’s services are still offline, with the company being forced to take its business into the physical realm.