Cyber breach at Travelex

Travelex, a London-based foreign exchange company, had its operations crippled for weeks due to an attack by the Sodinokibi (aka REvil) ransomware gang. Travelex had entered into negotiations with the group, but refused to pay the ransom demand of $6M in exchange for the decryption keys. In retaliation, the attackers threatened to publish 5GB of customers’ personal information that had been stolen and exfiltrated prior to the encryption. This was one of the highest profile ‘double extortion’ ransomware attacks, in which attackers breach corporate networks, steal sensitive files, then encrypt data and demand a ransom to decrypt it, as well as threatening to publish data if the ransom demand is not met, to put additional pressure on victims.

Travelex - Travelex is a foreign exchange company founded by Lloyd Dorfman and headquartered in London. Its main businesses are international payments, foreign currency exchange, issuing prepaid credit cards for use by travellers and global remittance.

Taken from the latest Checkpoint Cyber Security Report 2021