Travelex Ransomware Attack

Foreign Exchange company, Travelex, has been attacked by ransomware, meaning they have been unable to use their computer systems since New Year’s Eve and have been forced to take their website down across 30 countries.  This has also affected other firms who use their services, with businesses such as Virgin Money, First Direct and Sainsbury’s Bank being unable to sell currency online.  The hackers are allegedly demanding a ransom of $6 million (£4.6 million) and have claimed they have accessed sensitive customer data such as dates of birth, credit card information and national insurance numbers.

However, Travelex state there is no evidence that customer data has been compromised.  If the ransom amount is paid, the cybercriminals say they will restore the company’s systems and delete the data they have downloaded.  The ongoing investigation into the attack is being led by the Metropolitan police and cyber security experts.

To protect yourself and your organisation from similar attacks, it is important to take precautions against malware in general.  These include learning to recognise phishing attempts, patch management, disabling macros from running without administrator authorisation (to stop users running code from untrusted sources), and filtering web browsing traffic based on the categorisation/reputation of sites.  To mitigate the impact if a ransomware attack does occur, it is crucial to implement systems that control user permissions and limit data access to those who need it, as well as ensuring there is a fully tested backup solution in place.