The sad parade of corporations falling victim to cyber-attack has grown by one, as Travelex, a globally known financial services company specializing in cash and pre-paid cards for travelers in 26 countries, 1,000 ATM’s and with 1,000 stores, closes its Canada and USA-based doors.
The Travelex website hosts a posted notice explaining, “Due to the impact of the COVID-19 global pandemic, Travelex has made the difficult decision to close our online and retail operations and cease trading in the United States and Canada….We also thank our Travelex colleagues for their unwavering commitment and service.” Over 1000 jobs have been lost, although joint administrator, Toby Banfield reminds us that “The completion of this transaction has safeguarded 1802 jobs in the UK and a further 3635 globally, and ensured the continuation of a globally recognized brand.”
The Sodinokibi (REvil) ransomware variant reportedly struck Travelex on New Year’s Eve 2019, causing their website to go down and affecting physical branches and banking services globally. Controversy arose as unconfirmed reports of vulnerabilities and unheeded warnings from security employees made the rounds, with the REvil hackers eventually demanding $6 million to decrypt and access the Travelex system and erase stolen customer information, which could easily have fetched quite a healthy sum on the black market.
Sodinokibi is well known across Asia, with most of its activity focused on the APAC region until recently when it moved into Europe with a vengeance. It is well known to have started specializing in attacks on small or medium sized businesses, and has ultimately grown more sophisticated. Sadly, as only 29% of small businesses have experience dealing with ransomware, there have been widespread and increasingly devastating results as Sodinokibi has matured.
Malwarebytes Labs’ released a fascinating article on the ins and outs of Sodinokibi, which starts with a phishing email and then encrypts files on local drives, leaving them usable but with all important information encrypted, making it impossible to access critical data without IR services, system snapshots or roll-back systems already in place.
While traditionally Sodinokibi hasn’t sold stolen data, BleepingComputer reportedly discovered the first instance of data being sold in January of 2020. Artech Information Systems, who describe themselves as a "minority- and women-owned diversity supplier and one of the largest IT staffing companies in the U.S" reportedly lost 337MB of stolen data to Sodinokibi operators when they neglected to pay the ransom in the designated time frame. The Sodinokibi operators released a notice saying, “This is a small part of what we have. If there are no movements, we will sell the remaining, more important and interesting commercial and personal data to third parties, including financial details.”
Downtime due to ransomware typically costs organizations over $64K on average, with an average cost of $8,500 per hour. Coveware reported that Ryuk and Sodinokibi strains are responsible for doubling ransomware payments in Q4 2019.
It looks as if the implications of Travelex closing their doors could be far reaching, as their owner Finablr faces “material uncertainty” after discovering a $100 million in secret finance deals.
Why Sangfor?
There are several ways businesses are choosing to protect themselves from losses like this – mainly vulnerability assessment services and incident response (IR) services, like those offered by Sangfor TIARA and Sangfor IR services. Sangfor believes that incident response should be available to every business, regardless of size or location. Should you be attacked, the Sangfor IR team will provide immediate support to minimize impact on your business and data. Finally, after the incident has been resolved (or before an incident even occurs), Sangfor will review protection capabilities and vulnerabilities that allowed the hackers access in the first place, reducing the risk of the same vulnerabilities being used in future attacks, using Sangfor TIARA.
Ransomware attacks can be mitigated using Sangfor Endpoint Secure. Endpoint Secure has built-in honeypot functionality that can detect and stop ransomware encryption as it happens. Endpoint Secure can then delete all instances of the installed ransomware files through the entire network with a single click.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions, and let Sangfor make your IT simpler, more secure and valuable.
