Hackers Strike Travelex with a $6M Ransomware Attack

table of contents
Travelex, the London-based currency exchange company, was struck by a ransomware attack on New Year’s Eve. The attackers used Sodinokibi ransomware and are reportedly holding the company ransom for $6 million. Travelex issued a statement on January 7, 2020 confirming that some of their data have been encrypted by the attackers. However, according to a BBC report, the attackers say that they gained access to Travelex’s systems six months ago and have successfully exfiltrated 5GB of sensitive customer data such as date of birth, credit card information, and national insurance numbers. While the company asserts that no data has been exposed, the attackers are threatening to sell the database if the payment is not made.

What is Sodinokibi?

Also known as REvil, the Sodinokibi is a ransomware that targets Windows systems to encrypt important files. Sodinokibi has been successfully distributed across the world using exploit kits, remote desktop attacks, phishing campaigns, and large scale attacks through hacked MSP. Analysis of the Sodinokibi code has shown similarities with GandCrab. Sodinokibi uses a RaaS model wherein the developer uses “affiliates” to distribute their ransomware in exchange for a percentage of the ransom payment.

Protecting Your Endpoints from Ransomware

According to CSO Online, 92% of malware is delivered by email which makes endpoints highly vulnerable to attacks. While Travelex is the latest name to make headlines, ransomware attacks have become an increasingly common occurrence due to system vulnerabilities, improper patch management, shortcomings of traditional antivirus software, and bad cyber hygiene. Protecting endpoints and servers from modern-day malware attacks requires complete process-level visibility and control which most AV solutions do not provide. By taking a signature-less approach, security teams can lock down endpoints to ensure that only authorized processes are allowed to run while immediately terminating and flagging any unauthorized or suspicious processes. Locking down sensitive endpoints and servers can prevent breaches, malware, ransomware, zero-day attacks, and other unknown threats. The WannaCry ransomware attack cost the National Health Service (NHS) over $100 million and the average cost of a data breach has reached $3.92 million as of 2019. The financial and reputational risk is too huge to ignore, especially with stringent privacy regulations are coming into effect across the world. Defending against the modern-day threat demands a proactive security approach that allows businesses to take control of every device or connection that is communicating with the network. ColorTokens Xprotect defends against known and unknown attacks including ransomware, zero-day exploits, phishing, and fileless attacks. Learn more.