Travelex faces ransom demands following NYE malware attack

The currency exchange has been issued a deadline to pay up by those responsible.

Ryuk ransomware shuts down US Coast Guard facility for over 30 hours Ransomware infection led to a disruption of camera and physical access control systems, and loss of critical process control monitoring systems.

Travelex services are still offline following a malware attack launched on New Year's Eve, and now, it appears the cybercriminals responsible are hoping for a payday. 

The currency exchange said a "software virus" compromised its systems and in order to prevent the malware from spreading, all online services were taken offline. At the time of writing, the Travelex UK website is inaccessible beyond a "planned maintenance" message. 

The notice below can also be found on third-party services that use Travelex to provide currency services, including Tesco Bank, HSBC, Sainsbury's Bank, and Virgin Money.

screenshot-2020-01-03-at-09-23-38.png

Travelex has previously said that there was "no indication that any personal or customer data has been compromised." At the time of the attack, it was not known what form of malware had disrupted the company's operations -- but ransomware was floated as a potential candidate. 

Now, the UK Metropolitan Police says that "on Thursday, 2 January, the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange," as reported by the BBC

"Enquiries into the circumstances are ongoing," the police force added. 

According to the publication, the hackers are demanding payment for "either restoration of IT systems or the preservation of customer data."

A deadline has also been set, but no further details have been made public. 

screenshot-2020-01-03-at-09-43-02.png

Customers must visit in-branch to order or collect their currency until the situation has been contained. At present, it is not known how long it will take Travelex to isolate the issue -- or recover. 

Travelex has apologized to customers and says that "we are doing all we can to restore our full services as soon as possible." In the meantime, employees have switched to manual management in-store and in physical outlets, and customers must visit these locations to order or collect currency.   

ZDNet has reached out to Travelex and will update when we hear back. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0