Remember how back in January I raised one of the central mysteries behind Travelex’s ransomware attack – namely, had the foreign currency exchange service paid its attackers a ransom or not?
Travelex was notably refusing to answer any questions about whether it had given in to the extortionists’ demands.
But now, the Wall Street Journal reports, it sounds like Travelex paid US $2.3 million worth of Bitcoin to the REvil ransomware gang, who had threatened to publish personal data of customers stolen from Travelex’s network.
Owned by London-listed payments conglomerate Finablr PLC, Travelex found its operations crippled by a New Year’s Eve ransomware attack that left some of its systems offline for weeks. The finance company paid out the ransom in the form of 285 bitcoin, according to the person with knowledge of the transaction.
Asked about the payment, a Travelex spokesman said the firm has taken advice from a number of experts and has kept regulators and partners informed about its efforts to manage the recovery. A U.K. law-enforcement investigation into the breach is continuing, he said. He declined to comment further on the incident.
Whether ransoms should be paid or not is a divisive topic, and I find it hard to give a simple answer. I can well understand the position of those who say that it encourages more ransomware attacks against other organisations if a ransom is paid. It certainly does.
But at the same time, when a company is on the ropes, it has no other options, and its survival is in question, it’s hard not to sympathise with a difficult decision being made to pay those who were behind the attack if it helps ensure the firm stays afloat, and jobs are saved.
Eventually Travelex began to hobble back online at the end of January.
The financial problems faced by Travelex and its parent company, Finablr, have only increased in the months since, due to the enormous impact the coronavirus pandemic has had on its business.