Security News > 2020 > January > The Six Million Dollar Scam: London cops probe Travelex cyber-ransacking amid reports of £m ransomware demand, wide-open VPN server holes

More than a week after its website and online services were taken offline by malware, foreign currency super-exchange Travelex continues to battle through what has become an increasingly damaging outage that may have unpatched VPN servers at its heart.
While the capital's cops declined to name a specific victim, a spokesperson told us: "On Thursday, 2 January the Met's Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing."
Travelex's UK website has been offline since New Year's Eve dealing with the ransomware infection.
In a statement to the media, Travelex confirmed it had fallen to a Sodikinobi ransomware infection, though claimed no data had been siphoned off and stolen.
Mursch, who estimates more than 3,000 such vulnerable servers remain exposed to the public internet, said as recently as September he warned Travelex that it had seven vulnerable internet-facing Pulse Secure VPN servers on its network that it had yet to patch - to no response.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/01/08/travelex_update/
Related news
- London celebrity talent agency reports itself to ICO following Rhysida attack claims (source)
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware (source)
- Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)
- RedCurl cyberspies create ransomware to encrypt Hyper-V servers (source)