Travelex Breach Highlights Threat of 'REvil' Ransomware

Foreign currency firm Travelex has become only the highest-profile victim of the recently surging Sodinokibi ransomware campaign, also known as REvil.

As The Guardian reports, Travelex has been switching its systems back on again after the New Year’s Eve discovery of a cyber attack forced the company to take its websites offline. The Sodinokibi hacker gang reportedly threatened to publish customers’ sensitive information, including credit card details, unless Travelex paid $6 million in ransom.

Travelex said no customer information had been compromised. “We continue to make good progress with our recovery and have already completed a considerable amount in the background,” said Tony D’Souza, the firm’s CEO.

Meanwhile, an upstate New York airport and its computer service provider also revealed they’d been hit by a Sodinokibi ransomware attack, as reported by NBC 4 New York. Officials at the Albany County Airport Authority said the attack, discovered on Christmas Day, affected the airport and Schenectady-based LogicalNet. Airport officials said no personal or financial traveler data was exposed and operations at the Albany International Airport were unaffected.

Other recent Sodinokibi targets have included the information-technology services firms Synoptek, Complete Technology Solutions and PerCSoft, according to Krebs On Security.

Sodinokibi/REvil works by encrypting data and demanding cryptocurrency in exchange for unlocking the affected system. According to Ars Technica, in Travelex’s case, the hackers appear to have exploited a vulnerability in unpatched corporate software for virtual private networks. Pulse Secure, the popular corporate VPN provider, announced an urgent patch in August 2019 for a flaw that allowed hackers to break in, shut down multi-factor authentication and even view passwords.

The Sodinokibi ransomware campaign was first spotted by Cisco Talos in April 2019, Ars Technica notes. Given that there may still be more than a thousand unpatched Pulse Secure servers in the United States, other organizations may still be vulnerable.
