Travelex says some in-store systems are back up and running after ransomware attack

Currency exchange company is gradually bringing systems back online, and said no customer data has been stolen in the attack.
Written by Danny Palmer, Senior Writer

Travelex says it has restored more of its customer-facing systems following a ransomware attack which hit the currency exchange service on New Year's Eve.

Following tests, some in-branch systems used by staff in Travelex stores and their partner companies in the UK have been restored, while the company says it expects to begin testing in-branch services in stores outside the UK 'this week'.

It marks part of what the company describes as "the phased restoration" of systems across the globe. However, at the time of writing, the main Travelex website remains down, 18 days on from the initial attack using the Sodinokibi ransomware.

SEE:  A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

The malware – also known as REvil – caused the widespread encryption of files on the corporate network and at least some customer data has been encrypted by the ransomware, although the company maintains that none of this data has been stolen as a result of attack.

"We are undertaking extensive forensic analyses with our expert advisers and the investigation is ongoing. To date there is no evidence that any data has left the organisation," said a statement in a customer FAQ about the incident.

The customer information hub – which went live today – also features a video message from Travelex CEO Alex D'Souza.

"We don't just want to get back to business as usual. We want to build a better stronger business, which gives you full confidence in the integrity and resilience of our technology," he said, although he didn't detail how the company will go about doing this.

"I would like to thank our partners and customers for supporting us and confirm we will continue to restore systems as quickly as possible," D'Souza added.

Authorities including the Metropolitan Police and the National Cyber Security Centre (NCSC) have been informed about the ransomware attack and the latter has issued a reminder on how organisations can attempt to protect themselves against falling victim to a ransomware attack.

More on ransomware and cybersecurity

Editorial standards