Ransomware attacks on the rise
The world's largest currency-exchange service Travelex is still offline this morning following a ransomware attack that has devastated the company's ability to operate.
The company has more than 1200 branches in 70 countries and operates both under its own name but also as a white-label service to various international providers, including Air New Zealand. Many of these are also affected and are unable to manage user accounts as a result of the attack.
In a statement on its website, Travelex says: "We're sorry but our online travel money service isn't available right now. This is as a result of a software virus. On discovering the virus, and as a precautionary measure, Travelex immediately took all its systems offline to prevent the spread of the virus further across the network."
The company says its investigations to date have not found any evidence of customer data being compromised, however its online service remains offline, although users can still buy and sell currency in person at a branch.
The attack has raised questions of the ethics around paying a ransom demand in situations like this. While cyber-security advice is to never pay the ransom, some IT providers argue that they would have little choice if they are to ensure a client's data is retrieved successfully.
The attack appears to be the Sodinokibi ransomware strain which has been seen in the wild since April last year. Sodinokibi targets unpatched critical vulnerability in Pulse Secure VPN servers.
CERT NZ, the government's cyber-security agency, says attacks such as phishing and credential harvesting are up by 27% quarter on quarter, while scam and fraud reporting is up by 20% in the same time period.
Travelex says it has not ruled out paying the ransom at this stage - the deadline for payment is reported to be the 14th of January.
You must be logged in in order to post comments. Log In