Travelex has become the latest high-profile victim of ransomware. What can you do to protect your organisation from suffering a similar fate?
On New Year's Day 2020, cybercriminals launched a ransomware attack on Travelex, a foreign exchange company. The cybercriminals have allegedly copied upwards of 5GB of personal data containing the names, dates of birth, social security numbers and credit card information of its customers.
The cybercriminals are holding the data to ransom, demanding $6 million for its return.
This has led to Travelex having to take down its websites, with employees having to resort to pen and paper in its stores while the investigation with the police is ongoing.
The Ransomware Attack
While it is not yet known how the ransomware got into Travelex's network, it is thought to be Sodinokibi (also known as Sodin or REvil). It is thought that the information was stolen from the company's networks and could be released online if the ransom isn't paid.
How Can You Protect Your Organisation from Ransomware?
It is commonly acknowledged that many of these ransomware attacks follow a similar pattern. The attacker gains initial access via some means, be it a vulnerability in the external infrastructure or email campaigns aimed at harvesting credentials. Once the attacker has gained access to your network and systems, they will then spend time searching the network for high-value target hosts; if you think about it from the attacker's point of view, the greater the value of the data, the greater the chance of someone paying up.
So, here are some key takeaways for securing and protecting your organisation:
- Regular checks of your external infrastructure. Carry out regular Pen Testing (penetration testing) to identify vulnerabilities in your systems and close any gaps in your defence.
- Stay updated. Apply updates and patches to your infrastructure to remove any potential security vulnerabilities and access points that could be infiltrated by exploiting weaknesses.
- Identify your most valuable assets (not all data is equal). Identify which systems hold your most valuable assets and restrict access with strict permissions to employees inside and outside of your organisation.
- Mail filtering. Use advanced mail threat protection to scan for potentially malicious emails and block them before they reach your employees.
- Review network access and entry points. Use advanced cybersecurity protections that analyse traffic on your network, including where traffic is gaining or attempting to gain access, through a correlation engine that looks for anomalies. For example, if your employees access your network remotely from a set location, suspend access when it is attempted from unknown or irregular locations.
- Multi-factor authentication. Ensure access to your systems and data is protected by multi-factor authentication tools, whereby you need more than just a username and password to gain access.
- Prepare for the worst. You need to have a working plan that you can implement immediately should the worst happen. This includes resetting passwords of compromised accounts, suspending network access and systems, ring-fencing your most valuable data and how to start recovery.
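The location check described in the network access point above, as an added example that is not part of the original article: it learns each user's usual login countries from a baseline window, then flags any later attempt from somewhere else. The log format, field names, baseline date and the "review" action for users with no history are assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample remote-access log (the line format is an assumption).
SAMPLE_LOG = """\
2020-01-02T08:01:11Z user=alice country=GB result=success
2020-01-03T08:05:42Z user=alice country=GB result=success
2020-01-03T09:12:30Z user=bob country=GB result=success
2020-01-04T17:45:00Z user=bob country=IE result=success
2020-01-06T02:14:09Z user=alice country=BR result=failure
2020-01-06T02:14:31Z user=alice country=BR result=success
2020-01-06T08:03:50Z user=alice country=GB result=success
2020-01-06T10:20:00Z user=carol country=GB result=success
"""

BASELINE_END = datetime(2020, 1, 5)  # logins before this date form the baseline

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a parsed timestamp."""
    stamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return event

def review_logins(log_text, baseline_end=BASELINE_END):
    """Return (user, country, result, action) for each suspicious attempt."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    known = defaultdict(set)
    for e in events:
        # Only successful logins in the learning window define a "set location".
        if e["time"] < baseline_end and e["result"] == "success":
            known[e["user"]].add(e["country"])
    findings = []
    for e in events:
        if e["time"] < baseline_end:
            continue
        if e["user"] not in known:
            action = "review"   # no history to compare against, route to a human
        elif e["country"] not in known[e["user"]]:
            action = "suspend"  # any attempt, failed or not, from a new location
        else:
            continue
        findings.append((e["user"], e["country"], e["result"], action))
    return findings

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```
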