An unnamed source within Travelex disclosed
to The Wall Street Journal (WSJ) that the company paid $2.3 million in Bitcoin
in an effort to restore functionality to its systems following a ransomware
attack.
Travelex was hit with a
ransomware attack on New Year’s Eve, and it took a couple of weeks
to restore some of its basic services, with the consumer side having to wait
until February. The breadth of the attack was staggering, as the hackers
infiltrated the company’s infrastructure six
months before attacking with ransomware.
Hackers didn’t just linger around the network. They used
the time to exfiltrate valuable information, 5GB in total, which they then used
to blackmail the company after deploying ransomware. It’s a new tactic hackers
use to discourage companies from using backups to restore functionality instead
of paying ransom.
In the Travelex attack, the hackers used Sodinokibi
ransomware and an unpatched critical vulnerability in Pulse Secure VPN servers.
Companies were warned about this particular VPN vulnerability, but some
companies didn’t update their systems in time.
While Travelex hasn’t revealed anything about ransom or
payments, the initial reports place the sum at $3 million in Bitcoin. Cybersecurity
companies and government authorities usually advise against paying the ransom,
for two obvious reasons: first of all, paying criminals only emboldens all
groups to continue with attacks and, secondly, there’s no guarantee that the
hackers will return control.
Now, a new report from WSJ has revealed that the company
actually paid $2.3 million in Bitcoin. However, there’s no indication whether
they recouped their stolen data or if payment allowed them to resume
operations.
On top of the ransomware attack, the company also faces
financial problems following the COVID-19 pandemic, mainly because its parent
company, Finablrm, had to appoint an independent financial advisor that will
determine its future.