Travelex Still Offline Following Ransomware Attack

Not only have Global banks stopped customers transacting or ordering currency from Travelex, but many have also stopped transactions with third party currency providers altogether. Lloyd’s, Royal Bank of Scotland, Tesco and Sainsbury’s all receive their currency from Travelex.

Travelex is still offline and systems are powered down after ransomeware encrypted systems and the anonymous cyber criminals demanded $6m (£4.6m) in return for decrypting the servers and systems.

It has been reported by Travelex that no customer data has been compromised although no report has been publicly provided to explain how this has been determined.

The hackers, known as Sodinokibi or REvil, have told the BBC they have downloaded 5GBs of valuable customer data and will sell it online in six days’ time unless Travelex pays them an ever-rising ransom. The ransom demand currently stands at $6m (£4.6m). Again, the BBC has not reported how this information was provided to them by Sodinokibi or REvil.

An RBS representative said: “We are currently unable to accept any travel money orders either online, in branch or by telephone due to issues with our travel-money supplier, Travelex.

Lloyds and Barclays issued similar statements. One source said the banks were dependent on Travelex resolving its disruption before they could restore their travel-money service.

Travelex employees have told BBC News the company has been left “shell-shocked” by the continuing ransomware cyber-attack.

The company says it is working with industry-leading cyber recovery specialists to fix the problem and insists it is doing all it can to keep its customers and employees informed.

Computer systems in the company’s offices and currency shops across Europe, Asia, and the US have been switched off since the attack took place around New Year’s Eve.

Travelex said it is working closely with the Metropolitan Police, which is leading the investigation into the attack.

The currency firm is not the only company to fall victim to ransomware. In the last year, the trend has been that well-organized and well-funded criminal hacking groups have targeted high-value companies and public bodies. Earlier this week a US maritime base was forced offline for more than 30 hours.

Not paying ransom from demand can be extremely costly. Steel producer Norsk Hydro was hit by the LockerGoga ransomware last March. Some 170 factories and offices were taken offline, with manufacturing partially suspended. The hackers demanded an estimated £300,000 but the company instead refused to negotiate and has spent about £50m recovering operations. Some other businesses have had to close due to Ransomware attacks in 2019.