Travelex Pays $2.3M Bitcoin Ransom to Hackers

Millions Stolen from Binance Cryptocurrency Exchange

On New Year’s Eve in 2020, just as everyone had entered the holiday mode and the family started to celebrate and celebrate the arrival of the New Year, a hacker organization hidden in the dark was dispatched. This time, they targeted the UK-based exchange company Travelex. Travelex has nearly 1,200 branches in more than 30 countries around the world. At that time, many employees of the company had gone on vacation to celebrate the New Year. This inevitable vulnerability was exploited. Suddenly, multiple platforms under Travelex were affected. In order to protect data and prevent the further spread of malware, the company has to temporarily close the system.

A few days later, the website of the company’s headquarters is still closed. As long as the user logs in, he will see a “server error” prompt. Because of the issue, some stores can only handle customer requests manually. In addition, companies like Tesco Bank that need to rely on Travelex’s payment functions have also fallen into downtime. According to reports, hackers ask for millions of funds to provide decryption tools for Travelex. In other words, Travelex must pay a ransom in order to restore the contents of virus-encrypted files on the computer network.

After nearly three months, the company recently decided to pay a ransom of nearly US $ 2.3 million in bitcoin base on expert recommendations. Travelex was attacked by the malware called Sodinokibi, a “ransomware-as-a-service” toolkit that recently began publishing data stolen from companies that did not pay. Almost all of January, Travelex’s business was paralyzed, and its public-facing website, applications and internal network were completely offline. Led by the London City Police, investigations into the identity of the attackers are continuing.

  • Cyber extortion and ransomware attacks are rapidly growing and becoming a large percentage of cybercrime. Payouts are quick, typically in three days. Exploitation and phishing easy. Anonymity exists behind the wire. Everyone on the internet is a possible target. Together this creates a lucrative incentive in the criminal dark web underground. Being a cyber victim is a devastating experience.
  • Ransomware Decryption: LIFARS Cyber Incident Response Unit can decrypt files that have been encrypted by a ransomware attack for some known ransomware families. Advanced ransomware cyber attacks generate encryption keys that are specific to a system, and each system is then encrypted with that specific key. Military techniques attacking the threat actor infrastructure can be used, however, it is not legal in most jurisdictions.
  • Bitcoin Payments: LIFARS has an alliance with a trusted party with access to over 5,000 bitcoins at any moment. Hostage and ransomware negotiations are preformed by military-trained experts and conducted with a high precision of execution. The speed and expertise of the LIFARS elite deployment team can make a difference in the impact on your bottom line and to the speed and degree to which you recover.
  • Sextortion and Doxing: Adult internet content or websites offering arrangements with younger partners can have hidden cyber drama. On an annual basis, the LIFARS team investigates over 100 sextortion matters, where many have family separation consequences. Doxing, the publishing of private or identifying information with malicious intent, was effectively used by Anonymous against the Ferguson police department.

Contact LIFARS Immediately For
Mitigating Cyber Risks in Your Organization