Travelex staff go back to basics as ransomware cripples
systems
Send a link to a friend
[January 08, 2020] LONDON
(Reuters) - Staff at foreign exchange firm Travelex are using pen and
paper to serve thousands of customers worldwide after the company
confirmed cyber hackers were holding its systems to ransom.
The currency trader, which also provides forex services for Virgin Money
<VMUK.L> and the banking arms of British retailers Tesco <TSCO.L> and
Sainsbury <SBRY.L>, said on Tuesday a software virus identified on Jan 2
was a ransomware attack.
The incident forced Travelex to take all its systems offline, causing
chaos for New Year holidaymakers and business travelers and triggering
criminal investigations led by Britain's National Crime Agency and
London's Metropolitan Police.
Travelex's parent company Finablr Plc <FINF.L> said on Wednesday it did
not expect to suffer any material financial impact from the incident,
which used a type of ransomware called Sodinokibi in an attempt to
encrypt customer data.
Finablr's shares fell almost 20% to a record low on Wednesday. The slump
was exacerbated by two major investors selling shares worth about $72
million in the payments firm.
Travelex said it had contained the spread of the ransomware, also known
as REvil, and that there was no evidence yet that any data had been
stolen.
A spokesperson for Virgin Money said investigations by Travelex were
ongoing, with no confirmed timescales for resolution.
"As this is a global Travelex issue, customers are currently unable to
place orders via the Virgin Money Travel Money website (or any Travelex
website) or the contact center. However, customers can process orders at
a Travelex Bureau directly," Virgin Money said.
Spokespeople for Tesco and Sainsbury could not immediately be reached
for comment.
[to top of second column] |
A man types into a
keyboard during the Def Con hacker convention in Las Vegas, Nevada,
U.S. on July 29, 2017. REUTERS/Steve Marcus/File Photo
Travelex, which had computer specialists and external cybersecurity experts work
on isolating the virus, is gradually restoring a number of internal systems and
is working to resume normal operations as quickly as possible.
Global companies are increasingly facing ransom-demanding hackers who cripple
businesses' technology systems and only stop after receiving substantial
payments.
These hackers use malicious programs known as ransomware to take down systems
controlling everything from supply chains to payments to manufacturing.
The hackers have grown more sophisticated during the past year, cybersecurity
experts say, shifting from individuals and mom-and-pop operations to larger
companies that can afford bigger ransoms.
In August, hundreds of dental offices around the United States found they could
no longer access their patient records because of a Sodinokibi attack, according
to Malwarebytes, which sells cybersecurity software.
Finablr's other six brands - UAE Exchange, Xpress Money, Unimoni, Remit2India,
Ditto and Swych, are not affected and are operating normally, it said.
(Reporting by Noor Zainab Hussain in Bengaluru; writing by Sinead Cruise,
Editing by Shailesh Kuber/Louise Heavens/Jane Merriman)
[© 2020 Thomson Reuters. All rights
reserved.] Copyright 2020 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|