Security News > 2020 > January > The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes
More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart.
While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."
Travelex's UK website has been offline since New Year's Eve dealing with the ransomware infection.
In a statement to the media, Travelex confirmed it had fallen to a Sodikinobi ransomware infection, though claimed no data had been siphoned off and stolen.
Mursch, who estimates more than 3,000 such vulnerable servers remain exposed to the public internet, said as recently as September he warned Travelex that it had seven vulnerable internet-facing Pulse Secure VPN servers on its network that it had yet to patch - to no response.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/08/travelex_update/
Related news
- Keytronic reports losses of over $17 million after ransomware attack (source)
- FBI disrupts the Dispossessor ransomware operation, seizes servers (source)
- FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)
- Quad7 botnet targets more SOHO and VPN routers, media servers (source)