Travelex Ransomware Attack


As we entered 2020, Travelex became the latest high-profile victim of ransomware. In this blog post, we look at what you can do to protect your organisation from suffering a similar fate.

Who was the target?

It all began on New Year's Day 2020 when cybercriminals launched a ransomware attack on Travelex.

For those not familiar with Travelex, it is a foreign exchange company trading in multi-currency transactions across the globe.

What happened?

It is reported that the cybercriminals allegedly copied upwards of 5GB of personal data. This data contained the names, dates of birth, social security numbers and credit card information of Travelex customers, all of which were deemed to have been exposed in the attack.

The cybercriminals held the data to ransom, demanding $6 million for Travelex to get it back.

What impact did it have on Travelex?

The ransomware attack led Travelex to take down its websites, with employees resorting to pen and paper in its stores while the investigation with the police is carried out.

How the ransomware attack was initiated

The ransomware used in the attack is thought to be Sodinokibi (also known as Sodin or REvil), with the information stolen from Travelex’s networks to be released online if the ransom isn’t paid on time.

How can you protect your organisation from falling victim to a ransomware attack?

Cyber security experts commonly acknowledge that many of these ransomware attacks follow a similar pattern, from planning through to infiltration and execution. The attacker usually gains initial access through a vulnerability in the external infrastructure or through email phishing campaigns aimed at harvesting credentials.

Once the attacker has gained access to your network and systems, they will spend time searching the network for high-value target hosts. From the attacker’s point of view, the more business-critical and sensitive the data is, the higher the chance of the victim paying up to release it. However, there is no guarantee the attacker will release the data once you’ve paid, and many police commissioners believe that paying the ransom sets a precedent for future attacks, making ransomware-style attacks grow in popularity.

MMRIT’s top tips to protect your organisation from ransomware style attacks

  1. Security Risk Assessment and Remediation. Our Security Risk Assessment and Remediation service delivers comprehensive infrastructure auditing and proactive risk mitigation. Our sophisticated auditing tool assesses your server estate on a monthly basis, producing a detailed report that advises on security best practice updates. We then agree and implement these updates on your behalf.
  2. Security Audit and Mitigation. Our Security Audit and Mitigation service provides external and internal penetration testing to financial services and professional services organisations. If you are looking for a trusted third party to carry out penetration testing on your environment, we will facilitate comprehensive tests that identify vulnerabilities, which we will help you mitigate in a timely manner.
  3. Gap Analysis. Our Gap Analysis service helps you to understand where your technology is and where you need it to be. Our expert consultants will work with you to establish your technology requirements, and we will produce a roadmap that will help you make them a reality.
  4. Apply updates and patches. Many businesses fail to deploy software and hardware updates, which ultimately leaves vulnerabilities for attackers to exploit.
  5. Firewall and Anti-Virus. Effective firewall and anti-virus services are essential to modern business, maintaining secure IT infrastructures and effective cyber risk management policies. At MMRIT, we partner with leading vendors like Cisco and ESET to ensure that we deploy secure, easy to manage firewall and anti-virus services for all of our customers.
  6. URL filtering. Protect your business from internal and external threats. Our URL filtering solution ensures that websites visited by employees are safe and secure, minimising the risk of malware-style attacks.
  7. Review network access and entry points. Your infrastructure processes thousands of events every day. Reviewing each and every one simply isn’t feasible for most organisations. That’s where our Virtual SOC (Security Operations Centre) comes in. Delivered in collaboration with security experts eSentire, the Virtual SOC monitors and reviews all of the events that take place in your infrastructure, flagging and proactively blocking any suspicious activity.

  8. Multi-factor authentication. Have your IT systems been secured to meet the threat of cyber-attack head-on? Using multi-factor authentication adds an extra layer of security to your username and password.
  9. Mobile device management. The modern workplace extends beyond the traditional office. Your users can access confidential data through smartphones, tablets, and laptops from anywhere in the world. How do you secure and manage your mobile device fleet? At MMRIT, we work with leading vendors to deliver mobile device management services that give you control over your roaming devices.
  10. Phishing and Staff Awareness. Your users are your first line of defence against cyber-attack. Our Phishing and Staff Awareness services deliver realistic scenario training, helping your users understand the threats they face and ensuring that they follow best practices in the event of a genuine phishing email attack.
  11. Prepare for the worst-case scenario. Businesses need peace of mind and the reassurance that their data is in safe hands. At MMRIT, we offer a range of backup and disaster recovery solutions that meet regulatory compliance and keep you up and running.

Adding an extra layer of complexity to your passwords with two-factor authentication

Two Factor Authentication (2FA) Service Overview


Secure your organisation

To find out more about becoming more cyber security aware, improving your current provisioning and mitigating potential risks, contact our IT consultants. We understand every business is different and has individual needs. Our IT consultants provide a range of cyber security services designed specifically for financial services, including hedge funds, private equity firms and alternative investment companies, and for the legal and professional services sector, to meet regulatory compliance.