Travelex won't say if it has paid a ransom to its attackers

Travelex, the foreign currency exchange company whose services have been knocked offline since New Year’s Eve by a cyber attack, is declining to say if it has paid a ransom to the criminals responsible.

Earlier today the organisation published a customer update about its ongoing attempts to resume normal operations, which saw the company’s CEO Tony D’Souza break cover for a video statement and run through a series of customer FAQs.

In the update, Travelex underlines the message it gave in a press release earlier in the week that it was making “good progress”, although it has been widely criticised for its response to the attack.

Notably, D’Souza attempts to allay public concerns that their data may have been put at risk, stating that Travelex has “not uncovered any evidence to suggest that any customer data has left the organisation”.

Of course, an absence of evidence is not evidence of absence. Data is different from the Mona Lisa. If someone steals the Mona Lisa, you notice the gap in the wall of The Louvre. It’s not as simple as that with data.

Travelex is declining to comment on how the REvil ransomware (also known as Sodinokibi) managed to infect its systems. I’ve also not seen them comment on media reports that the hackers responsible for the attack have demanded a $6 million ransom be paid for the safe return of what they claim is 5GB worth of sensitive data.

But the question I hoped Travelex’s CEO would answer was this: has Travelex paid any ransom demands?

ZDNet journalist Danny Palmer *did* ask that question, and I think Travelex’s answer (or rather lack of answer) might be telling:

Other organisations hit by ransomware haven’t been afraid to say that they will not pay the ransom. I wonder why Travelex doesn’t feel comfortable making a similar assertion?

If you have a secure backup, and if you have the systems in place to restore that backup in a safe, prompt fashion, then you shouldn’t need to ever consider paying the criminals behind a ransomware attack.
