A ransomware attack has held London-based foreign currency exchange firm Travelex hostage since at least New Year’s Day, the company confirmed Tuesday after more than a week of vague updates. It appears that the Sodinokibi gang is behind the incident. The Sodinokibi gang runs a Ransomware as a service operation and brag that their affiliates have reportedly earned more than 2 Billion Dollars
On Tuesday, the BBC first reported that the Sodinokibi gang, which also goes by the name REvil, claimed to have accessed Travelex’s network six months ago and had downloaded and then encrypted about 5GB of sensitive customer data, including dates of birth as well as payment and credit card data.
In addition, cybercriminals are asking for approximately $6 million in ransom to release the data, the BBC reports. The ongoing attack has crippled Travelex’s websites in the U.K., the U.S. and Asia. Since New Year’s Day, customers have been greeted with vague messages that claim the sites are down due to “planned maintenance.”
Travelex is a London-based foreign exchange firm that has over 1,000 stores and 1,000 ATMs in major transit points across 26 countries. It enables money transfer through cash or Travelex prepaid card. It also says it processes over 5,000 currency transactions every hour.
Here is the full story from cuinfo security website