Travelex paid hackers $2.3 million to recover from a New Years Eve ransomware attack, The Wall Street journal reports.
The ransomware attack involved Sodinokibi malware (also known as REvil or Sodin). Confirmed and alleged Sodinokibi victims in recent months include CyrusOne, PerCSoft, and Synoptek, according to MSSP Alert and third-party reports.
The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.
Ransomware Attacks: Should You Pay the Ransom?
A recent report from Kaspersky says companies should never pay the ransom. Also, a group of U.S. mayors vowed to never pay the ransom -- a key July 2019 statement that pushes back against hackers who continue to target towns, cities and municipalities across the country.
Still, not paying the ransom isn't always an option. Even if an MSSP or customer has complete data backups to perform a network restore, hackers are now threatening to release hijacked data into the public domain. Victim organizations, in turn, need to decide whether it's less costly to pay data breach fines vs. paying the ransom.
Ransomware Attacks: After the Recovery
Either way, ransomware victims often struggle post-attack. Such is the case at Travelex. Fast forward to present day, and the organization now faces additional business challenges related to the coronavirus pandemic. Travelex’s credit ratings have declined to junk status, and parent Finablr’s own financial problems leave it unable to support Travelex, The Wall Street Journal says.