Travelex reportedly shelled out a $2.3 million ransom payment after being struck on New Year’s Eve with REvil/Sodinokibi ransomware.
The company has not publicly stated it paid the ransom, but The Wall Street Journal reported that sources have indicated otherwise. In early January it was believed the attackers were seeking $3 million to release the encrypted files along with a promise to not make public any information removed during the attack.
At the time, several media reports stated that data stolen from Travelex had been removed, a claim Travelex denied.
Such a move would be in line with how REvil/Sodinokibi now operates. Along with Maze, Nemty and others, the Travelex attackers are known to add a layer of blackmail to their ransomware attacks, demanding payment not only to decrypt files but also to refrain from posting harvested data.
In response to the attack, Travelex, which is owned by Abu Dhabi-based finance company Finablr, was forced to shut down its online operation for several weeks. The foreign currency exchange operates 1,000 stores in 26 countries, has 1,000 ATMs operating globally and says it conducts 5,000 transactions per hour.
Travelex has not commented on the WSJ story and has not responded to an SC Media inquiry for a statement.