Attackers demanded a payment of $6 million worth of bitcoin after hacking Travelex, a foreign currency exchange company. It is the latest victim in an explosion of ransomware attacks seeking crypto payouts.
$6 Million in Bitcoin Demanded
UK currency exchange site Travelex has gone dark due to a ransomware infection following a network breach. According to the BBC, hackers launched the attack on New Year’s Eve forcing the firm to power down its systems and websites.
The attack was timed to hit the company when many of its staff were away on holidays. Travelex has operations in more than 30 countries with 1,200 branches worldwide, most of which were forced to go old school and operate manually.
A notice on the Travelex twitter feed stated that it took down websites in order to ‘protect data and prevent the spread of the virus’.
Statement on IT issues affecting Travelex Services pic.twitter.com/rpKagJLykn
— Travelex UK (@TravelexUK) January 2, 2020
The report added that a ransomware gang called Sodinokibi took responsibility for the hack and wanted the currency exchange to pay $6 million. Other reports state that the group specified bitcoin as the method of payment through a website with a top-level domain registered in China in March 2019.
Once settled the hackers have agreed to provide decryption tools to enable IT, staff, at the firm to disable the ransomware and access their files and network again.
Research has indicated that the prevalence of ransomware could have impacted bitcoin prices last year.
It was also reported that computers containing confidential information, such as names of clients and bank account and transaction details, had been infected by the malware which added a random character string to the end of each encrypted file.
A string of other UK based firms relying on Travelex forex services including Sainsbury’s Bank, Barclays, HSBC, Virgin Money, First Direct and Asda Money, have also been disrupted.
Hundreds of customers across the world have been locked out of the app and are unable to access funds or make transactions on Travelex currency cards.
Ransom Note
The group, also known as REvil, first surfaced in April 2019 offering criminal gangs the opportunity to rent its ransomware for a cut of the profits.
The ransom note delivered with the payload read;
“If you do not co-operate with our service – for us it does not matter. But you will lose your time and your data, cause just we have the private key. In practice time is much more valuable than money.”
The attack is the latest in a growing trend of ransomware that surged in 2019. Just last month Bitcoinist reported that hackers demanded a bitcoin ransom from users of vulnerable cameras sold by Amazon and its subsidiary Ring.
What do you think about this latest bitcoin ransomware attack? Share your thoughts below.
Images via Shutterstock, Twitter: @TravelexUK