Hackers Cripple Airport Currency Exchanges, Seeking $6 Million Ransom


The numbers that normally glow with exchange rates on Travelex boards in airports worldwide have gone dark, after the London-based foreign exchange company was forced to go offline when it discovered a ransomware attack on Dec. 31.

The disruption has also affected banks like Barclays, Royal Bank of Scotland and HSBC, which have been unable to fulfill foreign currency orders for their customers.

Travelex said it had contained the threat and had no evidence that customer data had been removed. It has been offering only over-the-counter services since New Year’s Eve, when it discovered that it had been compromised by ransomware known as Sodinokibi, or REvil.

The hackers told the BBC on Wednesday that they had downloaded 5 gigabytes of sensitive customer data since gaining access to Travelex six months ago and intended to sell it if there was no response by Jan. 14. They have demanded $6 million for the data’s return, according to the BBC.

“Unfortunately we are unable to process foreign-currency orders due to an issue with our service provider, Travelex,” Barclays said in an emailed statement. “We are sorry for the inconvenience and will be restoring the service as soon as we are able to do so.”

The Royal Bank of Scotland said that customers who had placed money orders in branches would be refunded if the order had not been fulfilled.

The episode raised questions about how many more parts of the financial system could be at risk, said Bob Sullivan, a cybersecurity expert.

“We would not normally think of a company like Travelex as infrastructure, but clearly it is,” Mr. Sullivan said. “A big payment company that has tentacles into hundreds of institutions: It’s a reminder of how fragile these systems are.”

London’s Metropolitan Police and the National Crime Agency are conducting criminal investigations. The National Cyber Security Center, part of a government intelligence agency, also said it was working to understand the hack’s impact.

The company has not reported a data breach, according to the Information Commissioner’s Office, a British government agency that enforces data-protection laws.

Travelex could also come under scrutiny from data protection authorities. Under European data privacy law, companies can be fined for being hacked if regulators determine that they did not do enough to protect the information. Firms found to have made the most serious infringements of European law can be fined as much as 20 million euros, or about $22 million, or 4 percent of the previous year’s worldwide annual revenue, whichever is higher. British Airways was fined nearly $230 million last year for privacy lapses.

“This is new because it combines a ransomware attack with the threat of G.D.P.R. fines,” said Mr. Sullivan, referring to the European Union’s general data protection regulation. “This is why these folks think they can get a big payday.”

Travelex had revenue of £729.5 million, or about $952 million, in 2018, according to its annual report.

The Financial Conduct Authority, a regulator, said it was also in contact with Travelex and expected it to “treat affected customers fairly.” The regulator said customers with concerns about currency orders should contact Travelex or the bank where they had placed the order.

Travelex said the software virus was detected on Dec. 31, but it was not reported to the Metropolitan Police until Jan. 2. “Among others, we reported to the N.C.S.C., and then the N.C.A. who in turn passed it to the Metropolitan Police to investigate,” a company press official said.

The shutdown’s duration has prompted complaints from customers unable to get access to their travel money and frustrated by the lack of information from the company. Customer service telephone numbers were shared on social media and the Travelex website.

The firm also attracted criticism from security experts, who said that Travelex had been warned about weaknesses in its system before but had not responded. One security company, Bad Packets, told Computer Weekly that it told Travelex about a vulnerability last April but the firm took six months to fix it and its systems could have been compromised within that time. Travelex declined to comment.

“It’s clear they’re not ready for this,” said Mr. Sullivan, the expert. “Clearly they didn’t have a recovery plan.”

It could take weeks for Travelex to determine how the hackers had embedded themselves into its system, said David Grout, a regional chief technology officer for FireEye, a security firm. It might not be as simple as just booting somebody out of a system.

“Companies like them will need to rebuild some part of the architecture to understand the nature of the attack,” Mr. Grout added.

Travelex said it did not anticipate any “material financial impact” for its owner, Finablr Group, based in Abu Dhabi. But Finablr shares fell more than 15 percent on the London Stock Exchange after Travelex confirmed the attack.



Source link Nytimes.com
