Two weeks after ransomware attack, Travelex says some systems are now back online

After New Year's Eve Sodinokibi ransomware incident, company is still working to restore systems but said it's making "good progress" on recovery.

How to prevent a ransomware attack Tonya Hall sits down with Wendi Whitmore, vice president of IBM X Force, to learn more about important tips for preventing a ransomware attack gathered from a local government ransomware study.

Travelex says it has restored some internal processes and ordering systems following a ransomware attack – and that customer-facing systems will been operating again shortly.

The currency exchange service was hit by a ransomware attack on New Year's Eve and the company's online services remain offline two weeks following the incident.

Travelex's homepage still features a placeholder statement that issues an apology for online travel-money services being unavailable. The notice blames a "software virus" for the downtime, which has been caused after the company fell victim to a Sodinokibi ransomware attack.

SEE:  A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)  

The malware – also known as REvil – has caused the widespread encryption of files on the corporate network and at least some customer data has been encrypted by the ransomware

Third-party exchange services that rely on Travelex to provide currency - including Tesco Bank, HSBC, Sainsbury's Bank, and Virgin Money – have all had their operations impacted by the attack.

However, in a new statement, Travelex claims to be making "good progress with its technology recovery" and having restored some of its internal systems, the company is beginning to restore customer-facing systems, starting with in-store operations.

Many Travelex customers have been left in a cashless limbo following the attack, but the company says it was necessary to restore internal capabilities to be able to support partner and customer services. While it said services will be restored soon, there's no estimated date for when this will occur. 

"I would like to thank all our partners and customers for their patience and understanding while we work through the technical, commercial, legal, regulatory, law enforcement, and other complexities of a global organisation that has experienced an attack," said Tony D'Souza, CEO of Travelex.

"I also want to thank our 9,000 colleagues around the world who have worked tirelessly, during what has been a very testing time, to support our customers. We are confident, based on our efforts to date, that we will be able to restore our services and ensure the integrity and robustness of the network," he added.

SEE: 2020 is when cybersecurity gets even weirder, so get ready

While customer data at Travelex is known to have been encrypted, the company says it hasn't yet seen evidence that this personal data has been accessed or stolen – but the hackers have reportedly threatened to release information accessed during the attack.

Authorities including the Metropolitan Police and the National Cyber Security Centre (NCSC) have also been informed about the ransomware attack and the latter has issued a reminder on how organisations can attempt to protect themselves against falling victim to a ransomware attack like Travelex has.

MORE ON CYBERCRIME