As reported earlier, a cyberattack that hit Travelex, the foreign currency exchange provider, on New Year’s Eve is now confirmed to be a Sodinokibi ransomware attack, with a hacker group known as REvil demanding a ransom of US$6 million in exchange for five gigabytes of its customer data. This attack has rendered large British banks such as Barclays, Lloyds Bank, Tesco Bank, HSBC, Westpac Banking, and Royal Bank of Scotland unable to take or process foreign currency orders from customers in branches that rely on Travelex.
Initially, Travelex reported that a cyberattack in the form of a software virus had affected its systems and that, as part of a containment plan, it had taken down all its online services. The Travelex U.K. website informed its visitors that the site was down due to planned maintenance. But as reported by Bleeping Computer, the Sodinokibi attackers have claimed responsibility for the cyberattack and say they are in possession of five gigabytes of sensitive Travelex user data including, but not limited to, names, sex, dates of birth, email addresses, SSNs and phone numbers.
The attackers initially demanded US$3 million in exchange but later raised the demand to US$6 million after Travelex was slow to respond. They have also warned Travelex that they will provide proof by leaking some of the data online. However, the Travelex website still says there is no evidence that customer data has been compromised.
The domino effect
The banks, though, are facing the domino effect of this hack. Travelex is a third-party vendor and a foreign currency provider to several top British banks. It’s been more than a week since Travelex suspended its online operations, which has left the banks running low on their foreign currency reserves.
An RBS representative told the BBC, “We are currently unable to accept any travel money orders either online, in branch or by telephone due to issues with our travel-money supplier, Travelex. We apologize for any inconvenience caused.” Others soon followed suit and issued similar statements across various forums.
Earlier, Complete Technology Solutions (CTS), a Colorado-based IT services provider to oral-care practices, had reportedly been affected by a Sodinokibi ransomware attack. According to security researcher Brian Krebs, attackers installed Sodinokibi on computers at more than 100 dentistry businesses that rely on CTS for IT services, including network security, data backup, and voice-over-IP phone service. He further stated that the attack occurred on November 25, 2019, via a compromised remote administration tool. Many of CTS’ clients struggled to recover their data and business operations, as CTS declined to pay the US$700,000 ransom demand.