Foreign currency exchange service Travelex paid $2.3 million in ransom to the REvil ransomware gang in January after the hacker group encrypted the company’s files, the Wall Street Journal has reported.
In January this year, it was reported that foreign exchange company Travelex suffered a ransomware attack that resulted in its systems going offline. The currency trader restored its services almost two weeks after the cyber-attack first took place and started providing refunds to customers “where appropriate”.
The REvil ransomware group told Bleeping Computer that they used the Sodinokibi ransomware to successfully encrypt Travelex’s entire network, delete backup files and exfiltrate more than 5GB of personal data. They initially demanded $6 million (£4.6m) to return the encrypted files but, according to The Wall Street Journal, they finally settled for $2.3 million paid in Bitcoin.
“Travelex, known for its ubiquitous foreign-exchange kiosks in airports and tourist sites around the world, was shut down by a computer virus that infiltrated its networks early this year. It responded by paying the hackers the equivalent of $2.3 million, according to a person familiar with the transaction,” WSJ said.
After the report was published, a Travelex spokesman said the firm had taken advice from a number of experts and had kept regulators and partners informed about its efforts to manage the recovery.
Commenting on the payment of large ransoms to cyber criminals by large enterprises, Wicus Ross, Senior Researcher at SecureData, said that not only does this act incentivise future ransomware activity, it could also, as a natural response, lead to an inflation of future extortion demands.
“The real problem persists in the criminals and the industry around it, and the real source of the problems isn’t fully addressed. Compliance will be enforced resulting in the possibility of record fines, but as a society we will be worse off. Economically, the burden is increased because businesses will just pass on the cost to consumers, and more incentives will be created for hackers to find innovative new means of extortion,” he added.
Mick Bradley, VP EMEA at Arcserve, said that Travelex could have entirely avoided paying the ransom to hackers if it had turned to technology such as continuous replication and data rewind to protect business-critical data. This would have enabled the company to revert data back to a known, clean and ransomware-free version before the attack and preserve its reputation and money.