Travelex, the foreign exchange that serves 30 countries, suffered a ransomware attack on New Year’s Eve, and hackers are demanding $6 million (4.6 million pounds) for the decryption key information, BBC reports.
Travelex websites across Europe, Asia and the US have been offline since 31 December, with a message to visitors that they are down for “planned maintenance,” BBC notes.
The hackers claim they accessed and downloaded Travelex customer information six months ago, but Travelex insists no customer data has been leaked, the report says.
Sodinokibi Ransomware: Big Impact
The ransomware attack apparently involved Sodinokibi malware — which continues to hit a range of companies, including MSPs and CSPs (managed IT and cloud services providers). Confirmed and alleged Sodinokibi victims in recent months include CyrusOne, PerCSoft, and Synoptek, according to MSSP Alert and third-party reports.
The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Although MSPs and their software providers have generally raised their defenses in 2019, attacks have continued and some corners of the MSP industry now face a “crisis of credibility, ChannelE2E and MSSP Alert believe.
Still, more signs of progress are emerging. Thousands of MSPs are activating two-factor authentication as a means to stop hackers from entering systems. In many cases, software providers are activating 2FA as a default setting. And increasingly, the 2FA setting is mandatory.
Even so, 2FA isn’t a cure-all for ransomware attack mitigation.
MSPs Fighting Ransomware: Basic First Steps
To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:
- Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
- Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
- Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
- Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
- Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 — more details soon.)