Ransomware vicitim Travelex forced into bankruptcy

Unprepared Companies Vulnerable to Ransomware Attacks

August 12, 2020

Ransomware victim Travelex has been forced into administration, with more than 1,000 jobs set to go.

According to Infosecurity Magazine, PwC announced that it had been appointed join administrators of the currency exchange business.

During New Year's Eve, Travelex was hit by a Sodinokibi (REvil) ransomware variant, forcing its website offline and impacting its bricks-and-mortar stores and banking services for more than two weeks. This, coupled with COVID-19's effect on air travel, drove the company into bankruptcy, says SC Magazine.

Tony Cook, Director at the Crypsis Group, says, “Over the past couple of years, ransomware has both become one of the most efficient attack types for attackers to profit as well as one of the most destructive on the organizations they target. In its initial forms, ransomware was already devastating to organizations because encrypting business files until a ransom was paid meant halting a business in its tracks—complete disruption of business operations. For some organizations, such as financial trading or others that conduct rapid business transactions, downtime can result in large-volume financial losses, not to mention disruption of ongoing productivity. The disruptions culminate with the business either having to pay a hefty ransom, or, in some unfortunate cases, business dissolution for those that can’t afford to pay the asking price."

Organizations have become more proactive in ensuring that their disaster recovery procedures are able to handle such attacks, adds Cook. However, he says, "as businesses evolve, so do the threat actors. The criminals behind the various ransomware variants are working to produce more persistent revenue streams, damaging their victims in new ways. Many malicious actors have shifted their tactics to carefully target larger companies with the objective of exfiltrating as much sensitive data in the environment as possible to extort companies into paying the ransom. In part, this is in response to organizations being better prepared—more have offsite data backups and can opt not to pay the ransom. In response, some threat actors are looking to other means to ensure compliance. We’ve seen numerous cases where threat actors are providing organizations a period of time to pay; if they don’t, a sample of the exfiltrated data is uploaded to a shaming site. This can be destructive to a company's image, leading to a loss of customer confidence and negative repercussions on their business as a whole. Depending on the data exfiltrated, this new flavor of ransomware attack could lead to the loss of PII, ePHI, credit card numbers, credentials, etc., which can have a lasting effect on the brand and result in class action lawsuits against the company.”

Lisa Plaggemier, Chief Strategy Officer at MediaPro, who notes that ransomware attacks frequently start with a phishing email, also says, "Consequences can include a massive disruption to your business, causing loss of customers, revenue, and reputation. If consumer data is exposed, you could have to provide free credit monitoring to affected consumers. I recommend running a tabletop exercise for a ransomware attack – practice with your executives so people understand what could happen and you can be prepared. It’s also helpful to have a policy on whether or not your organization would pay ransom if an attack happened to you. Have the debate in advance, not when you’re under the pressure of incident response.”

Tim Wade, Technical Director, CTO Team at Vectra, also warns that cybercriminals tactics around fraud and stolen IDs have evolved to include destructive attacks, such as ransomware. "Cybercriminals are motivated by time-to-value as much as modern businesses may be, and it turns out that holding systems and data for ransom can be more profitable with less effort. It doesn't even always require a great detail of sophistication on behalf of the adversary to execute a highly profitable attack. Fortunately, even basic IT and software development hygiene activities like routinely patching systems, disabling default accounts and credentials, and using strong passwords with multi-factor authentication (MFA) can go a long way to reducing the risk for organizations.”

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Ransomware vicitim Travelex forced into bankruptcy

Related Articles

Related Products

Report Abusive Comment