Posted on January 29, 2020 by staff

Travelex back online after month-long ransomware blackout


Foreign exchange firm Travelex has reconnected some of its systems to the internet after a ransomware attack forced a month long self-imposed blackout.

A reported software virus known as ‘Sodinokibi’ began attacking the firm’s website on New Year’s Eve, prompting it to suspend online systems to protect customer data and prevent further spread of the virus.

The firm’s business continued to operate without connectivity during the blackout. Staff provided foreign-exchange services over the counter in its branches and reportedly turned to pen and paper for business operations.

Travelex has now said that its customer-facing systems in the UK are now live, and it is serving customers electronically again in its UK stories and some international branches.

Travelex said it is also “making good progress” on restoring its proprietary UK International Money Transfer Service, and expects it to be available by the end of the month.

As well as operating its own website, the firm is an IT partner for companies including Tesco Bank, which also faced issues helping its foreign money customers as a result.

At the time of writing, Tesco Bank’s Travel Money service was still unavailable.

The BBC reports having spoken to the hackers responsible for the attack, and suggested that the ransom demand was set at $6m.

Travelex has not said whether its return to online operations is the result of the ransom being paid.

The firm said it is still working Metropolitan Police, who are conducting their own criminal investigations.

On its website, Travelex cautioned that the incident may lead cybercriminals to try to take advantage of its customers through email and telephone scams, and asked customers to remain vigilant.