Ransomware vicitim Travelex forced into bankruptcy

Unprepared Companies Vulnerable to Ransomware Attacks

August 12, 2020

Ransomware victim Travelex has been forced into administration, with more than 1,000 jobs set to go.

According to Infosecurity Magazine, PwC announced that it had been appointed join administrators of the currency exchange business.

During New Year's Eve, Travelex was hit by a Sodinokibi (REvil) ransomware variant, forcing its website offline and impacting its bricks-and-mortar stores and banking services for more than two weeks. This, coupled with COVID-19's effect on air travel, drove the company into bankruptcy, says SC Magazine.

Tony Cook, Director at the Crypsis Group, says, “Over the past couple of years, ransomware has both become one of the most efficient attack types for attackers to profit as well as one of the most destructive on the organizations they target. In its initial forms, ransomware was already devastating to organizations because encrypting business files until a ransom was paid meant halting a business in its tracks—complete disruption of business operations. For some organizations, such as financial trading or others that conduct rapid business transactions, downtime can result in large-volume financial losses, not to mention disruption of ongoing productivity. The disruptions culminate with the business either having to pay a hefty ransom, or, in some unfortunate cases, business dissolution for those that can’t afford to pay the asking price."

Organizations have become more proactive in ensuring that their disaster recovery procedures are able to handle such attacks, adds Cook. However, he says, "as businesses evolve, so do the threat actors. The criminals behind the various ransomware variants are working to produce more persistent revenue streams, damaging their victims in new ways. Many malicious actors have shifted their tactics to carefully target larger companies with the objective of exfiltrating as much sensitive data in the environment as possible to extort companies into paying the ransom. In part, this is in response to organizations being better prepared—more have offsite data backups and can opt not to pay the ransom. In response, some threat actors are looking to other means to ensure compliance. We’ve seen numerous cases where threat actors are providing organizations a period of time to pay; if they don’t, a sample of the exfiltrated data is uploaded to a shaming site. This can be destructive to a company's image, leading to a loss of customer confidence and negative repercussions on their business as a whole. Depending on the data exfiltrated, this new flavor of ransomware attack could lead to the loss of PII, ePHI, credit card numbers, credentials, etc., which can have a lasting effect on the brand and result in class action lawsuits against the company.”

Lisa Plaggemier, Chief Strategy Officer at MediaPro, who notes that ransomware attacks frequently start with a phishing email, also says, "Consequences can include a massive disruption to your business, causing loss of customers, revenue, and reputation. If consumer data is exposed, you could have to provide free credit monitoring to affected consumers. I recommend running a tabletop exercise for a ransomware attack – practice with your executives so people understand what could happen and you can be prepared. It’s also helpful to have a policy on whether or not your organization would pay ransom if an attack happened to you. Have the debate in advance, not when you’re under the pressure of incident response.”

Tim Wade, Technical Director, CTO Team at Vectra, also warns that cybercriminals tactics around fraud and stolen IDs have evolved to include destructive attacks, such as ransomware. "Cybercriminals are motivated by time-to-value as much as modern businesses may be, and it turns out that holding systems and data for ransom can be more profitable with less effort. It doesn't even always require a great detail of sophistication on behalf of the adversary to execute a highly profitable attack. Fortunately, even basic IT and software development hygiene activities like routinely patching systems, disabling default accounts and credentials, and using strong passwords with multi-factor authentication (MFA) can go a long way to reducing the risk for organizations.”

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.