Security News > 2020 > January > Sodinokibi Ransomware Behind Travelex Fiasco: Report

The Sodinokibi ransomware strain is apparently behind the New Year's Eve attack on foreign currency-exchange giant Travelex, which has left its customers and banking partners stranded without its services.

The attack could have been successful in part because Travelex took several months to patch critical vulnerabilities in its Pulse Secure VPN servers, according to Bad Packets.

Bad Packets indicated that this lag time could have provided the window in which the cybergang infiltrated the Travelex network - a speculation that is somewhat supported by Pulse Secure itself, which issued a statement this week that it has indeed seen the Sodinokibi ransomware being delivered via exploits for the vulnerabilities.

"The ransomware situation at Travelex shines a harsh spotlight on the potential devastation of a cybersecurity incident," Jonathan Knudsen, senior security strategist at Synopsys, said in an emailed statement.

"The lost business and negative publicity from a scenario such as this can be crushing. Ransomware continues to be a popular tool for cybercriminalsIf you fall victim to a ransomware attack, you must have a plan ready to execute. The plan should include removing infected systems from your network, wiping them and reinstalling the operating system and applications, then restoring data from your backups."

News URL

https://threatpost.com/sodinokibi-ransomware-travelex-fiasco/151600/