There has been a plethora of catastrophic ransomware attacks throughout history, causing millions of dollars in damages. One of the most recent was carried out with the ransomware named Sodinokibi, which first appeared in April 2019 and has since struck multiple entities. Usually targeting Windows files, Sodinokibi infects the user’s system and encrypts the user’s files, then demands a ransom to decrypt them.
One of the most recent Sodinokibi attacks struck the currency exchange giant Travelex on New Year’s Eve. Established in London in 1976, Travelex money exchange has a vast international network with over 1200 branches and 1000 ATMs in more than 70 countries around the world. Travelex processes almost 5000 currency transactions every hour.
Unfortunately, the firm was forced to take down all its online systems on New Year’s Eve to protect its data and prevent the virus from propagating further. Travelex’s store outlets, airport counters, and services were immensely disrupted, leaving its customers and financial partners at a standstill, unable to receive their financial services in a timely manner.
According to reports, the cyber crooks demanded about $3 million to decrypt the data and return the hostage files to the company. The researchers, however, claim that the fault lay with the company, since its systems were not up to date and its VPN lacked the latest security patches. Even though Travelex was warned by cybersecurity researchers prior to the attack, it did not respond efficiently, leaving room for the hackers to hit the company with ransomware.
The hackers threatened that, unless Travelex paid the ransom, they would reveal a considerable amount of its customers’ confidential data on a public platform, including social security numbers, credit card information, dates of birth, etc., jeopardizing its customers’ privacy.
As a result of the attack, the firm’s operations were immensely affected, compelling the staff to continue operations manually while the systems were out of action. The situation was so severe that customer invoices were written on paper, exchange rate calculations were done manually, and the staff used manual stamps to issue cash transaction receipts. In fact, the Travelex digital boards also went blank instead of showing the currency exchange rates.
The victim firm was not the only one affected: many banks that relied on Travelex’s money services, including Tesco Bank, First Direct, and Virgin Money, were also left adrift, as customers were unable to place their orders via these entities. Customers in the US, UK, Australia, and Germany were immensely impacted by the incident, as they did not receive their money in due time.
Travelex made significant efforts toward ransomware recovery. To tackle the situation as early as possible, cybersecurity experts and IT professionals were hired to eradicate the virus, investigate the attack, and prevent any further damage to the global website. The acute impact of this cybercrime also drew in the National Crime Agency, which immediately began its investigation into the matter.
A company’s reputation is of utmost importance, and in order to safeguard it, Travelex claimed on its online platforms that the system was down due to maintenance activities, as it was working to upgrade the system. However, once the news of the attack became public, which was not until the 2nd of January, the company repeatedly released statements to apologize to its customers and partners and assure them that their data had not been compromised and was safe from any breaches. It made constant claims guaranteeing the safety and protection of the data, and promised to resume normal operations in a short period.
This attack puts a spotlight on the devastating consequences a company faces when attacked by ransomware. Ransomware recovery undoubtedly takes a lot of time, effort, and money, and it negatively impacts the reputation of the organization, which can be injurious to the organization’s health. Therefore, it is imperative for organizations to have a proper ransomware recovery system in place to be able to tackle any such uninvited threats.