Travelex’s Ransomware Ordeal Leads to Forced Administration

Travelex has collapsed into administration seven months after it was crippled by ransomware.

The foreign exchange firm suffered more than a month of disruption after it discovered that it had been hacked on New Year’s Eve.

It was later reported that the REvil ransomware gang encrypted more than 5GB of sensitive data and demanded $6 million (about £4.6 million) for its return.

The damage caused by the attack, combined with the effects of the COVID-19 pandemic, has “acutely impacted the business,” according to PwC, which has been appointed join administrator of Travelex.

Restructuring deal

PwC said that a pre-pack administration deal had been reached with Finablr, Travelex’s parent firm.

The firm announced that 1,309 people will lose their jobs, but 1,802 positions in the UK and 3,635 globally will be saved.

PwC will also sell some of Travelex’s assets to a newly created company controlled by its lenders. This includes parts of the organisation that deal with supermarkets and large corporate and banking customers, as well as some of its airport business.

Meanwhile, the high street shops and airport branches that were closed during lockdown will not reopen.

The deal will reportedly deliver £84 million of new money and substantially reduce Travelex’s debts – which increased by £25 million in Q1 as a result of the attack and the pandemic, although the firm said its cyber insurance policy will recoup a large portion of these losses.

Paying the ransom doesn’t solve your problems

This incident is yet another reminder of why cyber security experts urge organisations not to pay ransoms.

Travelex reportedly negotiated the fee down to $2.3 million (about £1.76 million) in bitcoin, but this was just the start of the organisation’s financial woes.

By the time it had made that decision, its internal systems had been offline for almost two weeks. The majority of its business was shut down entirely, and processes that could continue were performed at a crawl, with staff resorting to pen and paper.

Many of Travelex’s banking partners, including the Royal Bank of Scotland, Lloyds and Barclays, issued statements saying that they were unable to accept travel money orders online, in branch or via telephone because of the disruption.

Even when its systems did come back online, Travelex had a backlog of work and was required to complete a thorough investigation into its security practices.

And to top it off, the firm is still subject to disciplinary action from the ICO (Information Commissioner’s Office), which will investigate whether Travelex failed to comply with the GDPR (General Data Protection Regulation).

All in all, you can’t help but think that £1.7 million would have been better spent preparing the organisation for how to handle an attack.

Ransomware is one of the biggest threats facing businesses, so everyone must plan for an inevitable attack. Incident response plans are crucial, as are backup plans that enable you to restore your systems and avoid being at the mercy of blackmailers.

Subscribe to our Weekly Round-up