10 Jan 2020

Forex firm targeted in cyber attack

6:14 pm on 10 January 2020

Foreign currency exchange Travelex remains offline today after receiving a $US6 million ($NZ8.5m) ransom demand from hackers who say they've obtained customer data which they'll release if not paid.

Hacker working on hacking some information. Cyber scam. 13 November 2018

Photo: 123rf.com

London-based Travelex, which has numerous exchanges in New Zealand, was hit by the ransomware attack on New Year's Eve prompting the company to disable its online services.

The attack was carried out by a group of hackers calling themselves Sodinokibi, who claim to have downloaded five gigabytes of valuable customer data.

They say they've got dates of birth, credit card information and national insurance numbers.

"In the case of payment, we will delete and will not use that [data]base and restore the entire network," the group said on social media.

"The deadline for doubling the payment is two days. Then another seven days and the sale of the entire base," the hackers have warned.

However, Travelex said on its New Zealand website that customer data had not been compromised and the virus had been "contained".

"Travelex's network of branches continue to provide foreign exchange services manually and a number of workarounds are provided below."

While unable to say whether they're investigating this specific case, Rob Pope from New Zealand cybersecurity agency CERT said such attacks were on the rise in this country.

"From July to September last year we received 22 reports of ransomware," he said.

"This is lucrative for these criminal actors. They're sophisticated in their approach, they're sophisticated in their campaigns and they're continuing to probe weaknesses in either large organisation security controls through to individuals."

CERT's advice is to never pay ransomware demands.

Travelex's New Zealand exchanges remained open today, despite its online services being offline.

Get the RNZ app

for ad-free news and current affairs