So what has happened at Travelex?
Everyone has probably seen Travelex in the news this last week, but what has actually happened? Travelex, the world’s largest foreign exchange bureau, has been the victim of an extensive cyberattack: its computer network has been infected with ransomware called Sodinokibi, and the attackers claim to have copied more than 5GB of users’ personal data.
Reports suggest this could include dates of birth, social security numbers, debit/credit card information and other personal details that can be used to compromise customer security. A ransom demanding $6 million has been issued, with the hackers claiming the data will be sold if Travelex does not pay within six days. Currently, Travelex is still offline as they work to recover their systems, and employees have reverted to working with pen and paper.
How has this happened?
Investigations into what has happened are still ongoing, but recent claims have suggested that Travelex was running insecure services prior to the attack and that updates or patches had not been properly installed.
What is the Sodinokibi ransomware?
Sodinokibi – also known as Sodin and REvil – is highly evasive, and takes many measures to prevent its detection by antivirus and other means. It exploits vulnerabilities in servers and other critical assets, and also infects via phishing attacks. The result is a business that is essentially incapacitated: access to the data and critical assets of the target machine is blocked, among other damage. Sodinokibi is also known to typically append a random extension to each file it encrypts on a compromised system.
There’s no doubt that this is terrible news for Travelex, with many people proclaiming they should “do better!” But it’s clear to see that they have learnt their lesson the hard way. And now, what I want to know is:
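As an added illustration (not from the original post, and not Sodinokibi’s own code or naming scheme), the following Python sketch shows how a defender could spot the behaviour described above: a burst of files renamed with the same new, random-looking extension within a short window. The audit-event format, the sample paths and the thresholds are assumptions constructed for the example.

```python
import math
import re
from collections import defaultdict

# Constructed sample of file-rename audit events (not real data):
# "<epoch seconds> RENAME <old path> -> <new path>"
SAMPLE_EVENTS = """\
1578000000 RENAME /srv/share/q4.xlsx -> /srv/share/q4.xlsx.k7x2pq
1578000001 RENAME /srv/share/board.docx -> /srv/share/board.docx.k7x2pq
1578000001 RENAME /srv/share/rates.csv -> /srv/share/rates.csv.k7x2pq
1578000002 RENAME /srv/share/draft.txt -> /srv/share/final.txt
1578000002 RENAME /srv/share/logo.png -> /srv/share/logo.png.k7x2pq
1578000003 RENAME /srv/share/notes.md -> /srv/share/notes.md.k7x2pq
1578000004 RENAME /srv/share/report.pdf -> /srv/share/report.pdf.k7x2pq
1578009999 RENAME /srv/share/old.bak -> /srv/share/old.zip
"""

# Assumed allow-list of extensions normally seen on the share
KNOWN_EXTENSIONS = {"txt", "csv", "xlsx", "docx", "pdf", "png", "md", "zip", "bak", "jpg"}
EVENT_RE = re.compile(r"^(\d+) RENAME (\S+) -> (\S+)$")

def shannon_entropy(s):
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def suspicious_extension(path):
    """Return the extension if it is unknown and looks random, else None."""
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    if not ext or ext in KNOWN_EXTENSIONS:
        return None
    mixed = re.search(r"[a-z]", ext) and re.search(r"[0-9]", ext)
    # Letters+digits mixed, or high per-character entropy: treat as random-looking
    return ext if (mixed or shannon_entropy(ext) > 2.3) else None

def detect_bursts(log_text, window_seconds=60, threshold=5):
    """Return [(extension, max files renamed in one window)] for bursts >= threshold."""
    by_ext = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts, old, new = int(m.group(1)), m.group(2), m.group(3)
        ext = suspicious_extension(new)
        # Only count renames that keep the original name and append a new extension
        if ext and new.startswith(old + "."):
            by_ext[ext].append(ts)
    alerts = []
    for ext, times in sorted(by_ext.items()):
        times.sort()
        best, start = 0, 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((ext, best))
    return alerts
```

Renames to ordinary extensions (draft.txt to final.txt, old.bak to old.zip) are ignored, while the six .k7x2pq renames inside a few seconds produce one alert; in practice the allow-list and thresholds would be tuned to the environment.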
Are other businesses listening and learning from Travelex’s mistakes?
I would encourage everyone reading this to ask themselves the following questions:
– What effect would it have on your business if you couldn’t use your computers?
– Their servers weren’t patched… What does YOUR patch management process look like?
– They’ve been hit with ransomware… What would you do? What effect would it have on your business if you lost all your data?
– They’ve resorted to using pen and paper… What does YOUR contingency plan look like?
– Their systems were infiltrated months ago… Are you 100% confident your network is safe? When was your last vulnerability scan or penetration test?
So, what steps can you take to prevent it happening to you?
Back-up data (frequently)
If businesses fall victim to a ransomware attack, their data is usually stolen and encrypted, and often the only way to get this data back is to pay a ransom. However, you are not always guaranteed to get your data back – because, as you might have guessed, hackers are not very ethical.
Therefore, backing up your data regularly will enable you to restore any lost data from the last back-up, meaning you won’t have to pay the ransom to regain access to it.
It is advisable to have the back-up stored in more than one place, usually a cloud solution and a physical solution, and we recommend you encrypt the backed-up data to ensure it’s secure.
Remember, infection spreads. So you don’t want to rely solely on a back-up device that is attached to your network, as this is also likely to be infected; keep at least one copy disconnected from the network.
Install updates and patches as soon as possible
By installing updates regularly, you will reduce your risk of ransomware attacks. Plenty of malware is designed to exploit known security holes in common applications. Patches and updates are not just those annoying things that happen when you are trying to leave the office – they are the software company’s way of fixing and blocking those holes. So make sure you’re running updates on servers, PCs, laptops, Macs and mobile devices as soon as they are released.
Ensure comprehensive and regular staff awareness and training
What is a business’s weakest link? People! And in the cybercrime world, people are exploited to ‘open the door’ to the cybercriminal. And yet few businesses ensure that their teams regularly receive up-to-date training on good practice and cybersecurity awareness. Training should be applied across the board and should be continuous, as the cybersecurity landscape is constantly changing. All users should understand how real the cybercrime threat is and should understand the basics: how to be safe online, how to identify suspicious emails, how to recognise when they are being duped into providing information that could help an attacker gain access, and how to respond if they fall victim to an attack.
Have robust firewall and spam filters
Ensuring that the devices protecting the perimeter of your organisation, such as your firewall and spam filters, are robust, up to date and properly configured can help to filter out some suspicious emails. If configured properly, they can also help to prevent your own email accounts being spoofed and used to distribute viruses under your name.
Have a strong password policy (or at least have a strong password!)
A good password policy is imperative, as weak passwords are, to cyber criminals, like an unlocked door. Passwords should be kept secret (not written on a post-it note and left on the desk!). They should be long and complex, with a combination of upper and lower case letters, numbers and symbols. Users should use different passwords for different applications, and passwords should be changed frequently. There are a number of password manager applications on the market which manage this job for organisations.
Need help implementing these steps to ensure your business’s network is protected or want to talk about our security solutions? Contact Axon and one of our security experts will be more than happy to help.