Travelex says ransomware recovery is underway two weeks after global blackout

Whether the currency-exchange company paid the ransom remains unclear.

The financial exchange Travelex said Monday it has restored some of its digital capabilities for foreign currency trades, nearly two weeks after a ransomware attack forced staff to rely on pens and paper.

Travelex said it's making “good progress” in its recovery from a security incident that, on Dec. 31, forced the company to suspend online services, including its app and internal email systems. Ransomware attackers used a malicious software strain called Sodinokibi, or REvil, and reportedly demanded a fee of $6 million (£4.6 million) to release the affected data. Now, Travelex said, it is restoring internal processes and issuing refunds to customers “where appropriate,” according to Reuters.

Hackers previously told the computer security blog Bleeping Computer they were in negotiations with Travelex about the ransom payment. Travelex did not respond to a request for comment from CyberScoop Monday.

The company, a subsidiary of United Arab Emirates-based Finablr, operates 1,200 locations in 70 countries, with a heavy presence in global airports. The sudden outage coincided with the busy holiday season, resulting in issues for travelers and businesses alike. Finablr’s value on the London Stock Exchange had fallen by 6% in the days following the attack.


The ratings agency S&P also downgraded Travelex’s credit rating to “negative,” suggesting questions about the firm’s long-term financial health.

The company consistently has said it has no evidence to indicate attackers have accessed customers’ personal information. The hackers, though, previously claimed to the BBC that they downloaded 5GB of sensitive data including customers’ birth dates, payment information and Social Security numbers. Both London’s Metropolitan Police and the U.K.’s National Cyber Security Centre are involved in the investigation.

Travelex said it will next update customers with a “roadmap” of its plans for resuming full service.

Travelex stayed relatively quiet for days after the incident, leaving customers in the dark about the state of their transactions. Hundreds of comments filled the Travelex Facebook page within days, and company partners appeared to be advertising transactions that were not actually available at the time.


Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.
