Report: Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack

I guess they were able to work out the exchange rate…

Report: Travelex paid ransomware attackers $2.3 million worth of Bitcoin

Remember how back in January I raised one of the central mysteries behind Travelex’s ransomware attack – namely, had the foreign currency exchange service paid its attackers a ransom or not?

Travelex was notably refusing to answer any questions about whether it had given in to the extortionists’ demands.

But now, the Wall Street Journal reports, it sounds like Travelex paid US $2.3 million worth of Bitcoin to the REvil ransomware gang, who had threatened to publish personal data of customers stolen from Travelex’s network.

Owned by London-listed payments conglomerate Finablr PLC, Travelex found its operations crippled by a New Year’s Eve ransomware attack that left some of its systems offline for weeks. The finance company paid out the ransom in the form of 285 bitcoin, according to the person with knowledge of the transaction.

Asked about the payment, a Travelex spokesman said the firm has taken advice from a number of experts and has kept regulators and partners informed about its efforts to manage the recovery. A U.K. law-enforcement investigation into the breach is continuing, he said. He declined to comment further on the incident.

Whether ransoms should be paid or not is a divisive topic, and I find it hard to give a simple answer. I can well understand the position of those who say that it encourages more ransomware attacks against other organisations if a ransom is paid. It certainly does.

But at the same time, when a company is on the ropes, it has no other options, and its survival is in question, it’s hard not to sympathise with a difficult decision being made to pay those who were behind the attack if it helps ensure the firm stays afloat, and jobs are saved.

Sign up to our free newsletter.
Security news, advice, and tips.

Travelex’s management team had been strongly criticised for its shambolic response to the attack, which saw the firm delay confirming it had been hit by ransomware for over a week.

Eventually Travelex began to hobble back online at the end of January.

The financial problems faced by Travelex and its parent company, Finablr, have only increased in the months since due to the enormous impact the Coronavirus pandemic has had on its business.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.