ITP Techblog

Brought to you by IT Professionals NZ

Ransomware attacks on the rise

Paul Brislen, Editor. 13 January 2020, 9:22 am

The world's largest currency-exchange service Travelex is still offline this morning following a ransomware attack that has devastated the company's ability to operate.

The company has more than 1200 branches in 70 countries and operates both under its own name and as a white-label service to various international providers, including Air New Zealand. Many of these are also affected and are unable to manage user accounts as a result of the attack.

In a statement on its website, Travelex says: "We're sorry but our online travel money service isn't available right now. This is as a result of a software virus. On discovering the virus, and as a precautionary measure, Travelex immediately took all its systems offline to prevent the spread of the virus further across the network."

The company says its investigations to date have not found any evidence of customer data being compromised. Its online service remains offline, although users can still buy and sell currency in person at a branch.

The attack has raised questions about the ethics of paying a ransom demand in situations like this. While cyber-security advice is to never pay the ransom, some IT providers argue that they would have little choice if they are to ensure a client's data is retrieved successfully.

The attack appears to be the Sodinokibi ransomware strain, which has been seen in the wild since April last year. Sodinokibi targets an unpatched critical vulnerability in Pulse Secure VPN servers.

CERT NZ, the government's cyber-security agency, says attacks such as phishing and credential harvesting are up by 27% quarter on quarter, while scam and fraud reporting is up by 20% in the same time period.

Travelex says it has not ruled out paying the ransom at this stage - the deadline for payment is reported to be the 14th of January.



David Lane 17 January 2020, 6:13 pm

No one can afford to think they're completely secure... real security requires conscious, informed computer operators (who are remarkably rare, surprisingly so even in the tech industry)... But it strikes me as odd that journalists reporting ransomware afflictions seldom think it worth mentioning: only one computing platform seems broadly affected by this scourge... a couple of fragile (because they're so rigidly consistent, for platform control and profit maximisation purposes) Microsoft Windows monocultures. You can vastly reduce your odds of being affected by shifting to a more diverse and secure-by-design computing platform.
