What can we all learn from the Travelex cybersecurity breach

What’s happened at Travelex?

Travelex, the world's largest foreign exchange bureau, has been the victim of an extensive cyberattack. Travelex's network has been infected with Sodinokibi ransomware, and attackers claim to have copied more than 5GB of users' personal data. Reports suggest this could include dates of birth, social security numbers, card information and other details, and a ransom demand of $3 million has been issued. Currently, Travelex is still offline as they work to recover their systems.

 

How has this happened?

Investigations into what has happened are still ongoing. Claims have been made that Travelex was running insecure services prior to the attack and that updates or patches had not been properly installed. Travelex had been warned that it was running vulnerable Pulse Secure virtual private networking (VPN) servers, so this could have been the point of weakness; however, the VPN company denies any issues and says it does not have any data about the attacks.

 

What is the Sodinokibi ransomware?

Sodinokibi, also known as Sodin and REvil, is highly evasive and takes many measures to prevent its detection by antivirus and other means. It exploits vulnerabilities in servers and other critical assets, and also infects via phishing attacks. Sodinokibi is able to completely incapacitate a business by preventing access to the data and critical assets of a target machine, among other damage. It typically adds random extensions to the files it encrypts. In Travelex's case, the encrypted files were also found to have extensions comprising more than five random characters. This ransomware was first identified in early 2019, when attackers were exploiting a flaw in Oracle WebLogic to spread it.
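The random-extension behaviour described above gives defenders something to look for. The following added example (not from the original article or from any vendor tool) scans a file listing for an unknown, random-looking extension appended to many ordinary documents; the known-extension list, the 5 to 10 character pattern, the threshold and the sample paths are all assumptions made for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: extensions this organisation expects to see; extend for your estate.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "txt", "csv", "jpg", "png", "zip", "bak"}
# Assumption: a "random" extension is 5 to 10 lowercase letters or digits.
RANDOM_EXT = re.compile(r"^[a-z0-9]{5,10}$")


def suspicious_extensions(paths, min_files=3):
    """Return {extension: count} for unknown, random-looking extensions that
    were appended after a known extension (e.g. report.docx.x7k2q9) on at
    least min_files files. The threshold keeps one-off names such as
    notes.txt.backup from raising an alert."""
    hits = Counter()
    for p in paths:
        suffixes = [s.lstrip(".").lower() for s in PureWindowsPath(p).suffixes]
        if len(suffixes) < 2:
            continue  # nothing appended after the original extension
        original, appended = suffixes[-2], suffixes[-1]
        if (original in KNOWN_EXTENSIONS
                and appended not in KNOWN_EXTENSIONS
                and RANDOM_EXT.match(appended)):
            hits[appended] += 1
    return {ext: n for ext, n in hits.items() if n >= min_files}


# Constructed file listing for the example, not taken from a real incident.
SAMPLE = [
    r"S:\finance\q4.xlsx.x7k2q9",
    r"S:\finance\invoice.pdf.x7k2q9",
    r"S:\hr\contracts.docx.x7k2q9",
    r"S:\hr\photo.jpg.x7k2q9",
    r"S:\it\notes.txt.backup",   # unknown extension, but only one file
    r"S:\it\archive.tar.gz",     # ordinary double extension
    r"S:\it\plan.docx",          # untouched file
]

if __name__ == "__main__":
    for ext, count in suspicious_extensions(SAMPLE).items():
        print(f"ALERT: {count} files now end in .{ext}")
```

Run against a periodic listing of file shares, a hit across several folders at once is a prompt to isolate the affected machines and check that offline backups are intact.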

 

What steps can organisations take to prevent it happening to them?

  1. Back up your data (frequently)
    When organisations are victims of a ransomware attack, their data is typically stolen and encrypted, and the only means of retrieving it is paying a ransom (although even if you do pay, you are still not guaranteed to get your data back). However, if you regularly back up your data you will be able to restore from a backup and will not need to pay the ransom to regain access to it. It is advisable to store the backup in more than one place, usually a cloud solution and a physical solution, and to encrypt backups to ensure the data is secure. Remember, the infection spreads, so you don't want to rely on a backup device that is attached to your network. If you back up to a NAS drive, for example, make sure that drive is physically removed from the network, so the encryption doesn't spread to your backup as well as your live data.

  2. Install updates and patches as soon as possible
    By installing updates regularly, you will reduce your risk of ransomware attacks. Plenty of malware is designed to exploit security holes already identified in common applications. Patches and updates are the software company's way of fixing those holes, so make sure you're running updates on servers, PCs, laptops, Macs and mobile devices as soon as they are released.

  3. Comprehensive and regular staff awareness and training
    IT security is 50% infrastructure and 50% user training. Humans are often the weakest link in the cybercrime world and are exploited to 'open the door' to the cybercriminal. And yet few businesses ensure that their teams regularly receive up-to-date training on good practice and cybersecurity awareness. Training should be applied across the board and should be scheduled to happen regularly. All users should understand how real a threat cybercrime is and should understand basics such as how to be secure online, how to recognise suspicious emails, how to recognise when they are being duped into providing information that might help an attacker to gain access, and how to respond if they do fall victim to an attack.

  4. Robust firewall and spam filters
    Ensuring that the devices that protect the perimeter of your organisation, such as your firewall and spam filters, are robust, up to date and properly configured can help to filter out some suspicious emails. Properly configured, they can also help to prevent your own email accounts being spoofed and used to distribute viruses under your name.

  5. Have a strong and enforced password policy
    A proper password policy is vital, as weak passwords are like an unlocked door for cybercriminals. Passwords should be kept secret (so not written on a post-it note and left on people's desks!) and they should be long and complicated (with a mixture of upper and lower-case letters, numbers and symbols). Users should use different passwords for different applications, and passwords should be changed frequently.

 
For more information on ransomware and how you can protect your organisation contact ramsac on 01483 412040 or email cybersecurity@ramsac.com

© 2020 ramsac. All rights reserved.