I am sure by now that most people have heard about the highly publicised cyber-attack on Travelex that happened on New Year’s Eve.
Hackers, using the ransomware software “Sodinokibi”, also known as “REvil”, infected systems belonging to Travelex. They are now demanding that Travelex pay $6m (£4.6m) to regain access to their own systems.
Claims have also been made online that customer data including date of birth and credit card information was accessed, and that the company is also being held to ransom over the release of this data.
While Travelex has claimed that there has been no breach of personal data, the hack has caused them to shut down websites across 30 countries, reverting the company right back to the good old days of using pen and paper.
Over the past few years, malicious software that uses encryption to hold data for ransom has been on the rise. The sole purpose of ransomware is to extort money from its victims.
It finds its way onto a PC by infiltrating a security flaw in weak software, or by tricking a user into installing it.
The damage that ransomware poses includes loss of data, loss of company profits, cost of data recovery, cyber-security costs (to address the issue and future-proof the business), potential legal action for exposing customer data (a hefty fine) and the ongoing cost of reputational damage.
The number one cause of all cyber-attacks is phishing (tricking users into sharing their credentials) and holds the top spot as one of the easiest ways to steal data and install ransomware.
The key steps you can take to stay as safe as possible are:
The total cost of the attack on Travelex is yet to be established, however, it is likely to have a huge negative impact on their business for some time to come, and will stand as a warning to other businesses who may not think cybersecurity is a critical part of ongoing business risk management.