Travelex, a foreign exchange and payments company, was thrown into chaos around New Year’s after a ransomware attack locked up its systems, forcing employees to use pen and paper to take care of thousands of customers, according to a report by Reuters.
The virus was identified on Tuesday (Jan. 7). The attack caused a complete blackout in the company’s online exchange services. The company said it had contained the spread of the ransomware, which targets Windows-based computers and encrypts files, asking for money to decrypt them.
Travelex works with other Forex companies like HSBC, Barclays, Virgin Money, Tesco and Sainsbury.
Due to the attack, the company had to take all of their systems offline, which caused numerous problems for holiday travelers trying to use Travelex’s online services. Travelex is available in upwards of 70 countries, but after the attack, it could only deal with customers in-person at its “1,200 on-airport and off-airport locations worldwide,” noted the report.
Authorities are currently investigating the cybercrime. The U.K.’s Financial Conduct Authority (FCA) is also participating to ensure that customers weren’t treated unfairly during the outage.
Finablr, Travelex’s parent company, said the ransomware used was called Sodinokibi, or REvil, and that there was no evidence of data theft. Finablr also said it didn’t foresee any negative financial impact from the attack.
The company hired cybersecurity experts and used computer specialists to isolate the ransomware. They are slowly putting systems back online in an effort to return to business as usual.
Ransomware attacks against large corporations are becoming more and more common. In many cases, a company will pay the ransom, as it ends up costing more trying to isolate and eliminate it in-house.