Security News > 2020 > January > The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes
More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart.
While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."
Travelex's UK website has been offline since New Year's Eve dealing with the ransomware infection.
In a statement to the media, Travelex confirmed it had fallen to a Sodikinobi ransomware infection, though claimed no data had been siphoned off and stolen.
Mursch, who estimates more than 3,000 such vulnerable servers remain exposed to the public internet, said as recently as September he warned Travelex that it had seven vulnerable internet-facing Pulse Secure VPN servers on its network that it had yet to patch - to no response.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/08/travelex_update/
Related news
- Ransomware hits web hosting servers via vulnerable CyberPanel instances (source)
- Meet Interlock — The new ransomware targeting FreeBSD servers (source)
- Halliburton reports $35 million loss after ransomware attack (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)
- Major energy contractor reports 'limited' access to IT after ransomware locks files (source)
- BT unit took servers offline after Black Basta ransomware breach (source)