In a statement issued on January 7, Travelex said the intrusion was discovered on December 31. The company says it took all its systems offline as a precautionary measure. “To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,” the company statement reads. According to the BBC, the attackers say they gained access to the company’s computer systems six months ago and downloaded 5GB of sensitive customer data. The gang told the BBC that they have customers’ date of birth, credit card information, and national insurance numbers. The hackers added: “In the case of payment, we will delete and will not use that [data]base and restore them the entire network. “The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base.” It’s not known whether Travelex is negotiating with the hackers. The company has not yet specified when normal service will resume. In the meantime, customers have told the BBC that they feel let down, complaining that their travel money is “in limbo.”
What is it?
Similarly to other strains of ransomware, Sodinokibi is a Ransomware-as-a-Service (RaaS), which sees a group of people maintain the code and another group, known as affiliates, spread the ransomware. As previously reported by Hard Fork, researchers found that Sodinokibi has over 40 active affiliates and its creators typically get between $700 and $1,500 from every payment, with Bitcoin typically used as a payment channel. In fact, the ransomware earned one distributor the equivalent of $287,499 in Bitcoin in just three days. Further, blockchain analysis unearthed several transactions from affiliates to a wallet that, at the time, contained $4.5 million worth of Bitcoin. Ransomware has increasingly made headlines in recent years after several high-profile attacks. Last year, TNW reported on how healthcare providers were facing an unprecedented level of social engineering-driven malware threats. Several US hospitals were also targeted and gave in to attackers’ demands by paying the requested ransom, most likely in cryptocurrency.