Top Scoops

Book Reviews | Gordon Campbell | Scoop News | Wellington Scoop | Community Scoop | Search

 

Online crooks ransom Travelex

Ransomeware screenA ransomware gang attacked Travelex the foreign exchange company on New Year's Eve.

Ransomware is a kind of online attack where criminals take control of data, usually company data, and demand payment to return it.

There are two main types of ransomware: crypto and locker.
The first encrypts data and files so that users can no longer read anything.

In theory you will get a key to unencrypt the files after you pay a ransom to the crooks. Locker ransomware is similar, but it typical locks down the computer so it can't be used until the ransom is paid.

Travelex lock-down


After the Travelex attack, the company closed down the websites it operates in 30 countries. It said the move was designed to "contain the virus and protect data".

That doesn't quite sound right. After all, it emerged the criminals had been inside the company's systems for the past six months. By the time of the attack there would little left to contain or protect.

The criminals say they have downloaded many gigabytes of sensitive customer data. This includes dates of birth, credit card information and (British) national insurance numbers.

News reports say the criminal gang asked Travelex to pay US$6 million at first, with the demand ratcheting up over time if it wasn't paid quickly. It's not clear if the company paid up.

New Zealand link


There is a New Zealand link. After the attack the company's branches, which include airport currency exchanges, were still providing services but were using manual processes.

Travelex is also the issuer of Air New Zealand's OneSmart card. The card makes it easier to deal with money when overseas. It can be loaded with money in as many as eight different foreign currencies before a trip. Users can lock-in exchange rates to avoid fluctuations while they are overseas.

Air New Zealand says the card is not affected by the attack.
The company told the NZ Herald: "OneSmart does not use the Travelex foreign exchange services affected by the attack so Onesmart cardholders are not impacted".

Ransomware going out of fashion


The Travelex attack happened at a time when ransomware incidents are falling fast. Last year the number of attacks dropped 20 percent as online criminals turned to more lucrative alternatives.

In part the fall in ransomware attacks is because companies are doing a better job at protecting themselves.

The best approach to protection is to have data back-ups so everything ransomed can be recovered quickly. While this sounds simple, it's something many companies struggle with and criminals know that. Among other matters companies tend to make back-ups without checking the data is recoverable.

Another problem is that a sophisticated ransomware attack can also take control of the back-ups rendering them as unusable as the main data store.

A ransomware attack amounts to a much bigger problem for the victim than the ransom demand. In many countries companies can face fines for not properly and promptly reporting an attack to the authorities.

At the same time, allowing data to be ransomed is often actionable under data protection legislation. At the least a company would need to prove it had taken due care with customer data, that's hard to do after a ransom attack.

There's another unpleasant twist to a ransomware attack. While the criminals often release keys after the ransom is paid, that doesn't always happen. And in at least one reported case, the data was ransomed again by the same gang at a later date. Allowing that to happen is an open and shut case of negligence.

Responding to ransomware


If you are attacked by a ransomware gang, you may need professional help to recover data. Before you get to that stage you need to consider how to respond.

The NZ Police recommend you don't pay the ransom. That's understandable and makes sense if there's a good chance of recovering the data.

Some security experts say that paying the ransom is the smartest course of action. It is often cheaper and, if you don't have back-ups, quicker than other ways of recovering the data.

I spoke about this story with Lynn Freeman on RNZ Nine-to-Noon.

Online crooks ransom Travelex was first posted at billbennett.co.nz.

© Scoop Media

 
 
 
Top Scoops Headlines

 

Gordon Campbell: On Coronavirus, And The Iowa Debacle

As Bloomberg says, the coronavirus shutdown is creating the world’s biggest work-from-home experiment. On the upside, the mortality rate with the current outbreak is lower than with SARS in 2003, but (for a number of reasons) the economic impact this time ... More>>

Gordon Campbell: On Dodging A Bullet Over The Transport Cost Over-Runs

As New Zealand gears up to begin its $6.8 billion programme of large scale roading projects all around the country, we should be aware of this morning’s sobering headlines from New South Wales, where the cost overruns on major transport projects ... More>>

Gordon Campbell:On Kobemania, Palestine And The Infrastructure Package

Quick quiz to end the week. What deserves the more attention – the death of a US basketball legend, or the end of Palestinian hopes for an independent state? Both died this week, but only one was met with almost total indifference by the global community. More>>

Gordon Campbell: On The Double Standard That’s Bound To Dominate The Election

Are National really better political managers than Labour, particularly when it comes to running the economy? For many voters – and the business community in particular - their belief in National’s inherent competence is a simple act of faith. More>>


Gordon Campbell : On Dealing With Impeccable, Impeachable Lies

By now, the end game the Republican Senate majority has in mind in their setting of the rules for the impeachment trial of Donald J. Trump is pretty clear to everyone: first deny the Democrats the ability to call witnesses and offer evidence, and then derisively dismiss the charges for lack of evidence. For his part, does former security adviser John Bolton really, really want to testify against his former boss? If there was any competing faction within the Republican Party, there might be some point for Bolton in doing so – but there isn’t. More>>

Gordon Campbell: On Why The Dice Are Loaded Against Women In Public Life

If they enter public life, women can expect a type of intense (and contradictory) scrutiny that is rarely applied to their male counterparts... More>>

Gordon Campbell: On The Harry/Meghan Affair, And Iran

Those “Meghzit” headlines seem apt, given how closely Britain’s January 31 exit from the European Union resembles the imminent departure from the Royal Family’s top team of Prince Harry and Meghan Markle. For young Iranians, the accidental downing of the Ukrainian airliner is just the latest example of the deadly incompetence and dishonesty of their leaders... More>>