Travelex attack shows how gangs are holding companies to ransom

The ransomware attack on the foreign exchange company Travelex reflects the growing presence of criminal gangs in the cybercrime market, according to a leading cyber expert.

Tim Thurlings of bluedog Security Monitoring says there has been a worldwide increase in such attacks in recent months. In another case, the Dutch University of Maastricht is believed to have paid hundreds of thousands of euros to attackers to retrieve its data.

Tim says the cybercrime market has become more professional, with criminal gangs taking over from rogue coders. “Instead of using the ransomware themselves, the coders who develop it are selling it on the darknet and letting others take the risk,” he explains.

“You can buy malware from just €500 and the package even includes helpdesk support to allow the victims to get hold of bitcoins to pay the ransom. Criminal gangs are buying the software and using it to target companies and negotiate fees.”

The gangs use phishing emails sent to employees, or vulnerabilities in the IT system, to breach the company’s defences. Once the malware enters the network, it moves through the system and can lie undetected for some time. When it reaches a certain point, such as when the backups and many of the machines are infected, it encrypts the company’s data and the ransom demand is made.

“At this point the company has lost access to its data and the business grinds to a standstill. Of course businesses have to get up and running again quickly or go bankrupt and the criminals know this. Ransom demands are often carefully considered and are set at a sum that is less than it would cost the business to fix the problem themselves.

“Big businesses will also have cyber insurance which will cover the cost, as the attackers know. Ransomware is a very lucrative business model.”

Attacks on big companies tend to be more targeted and, while smaller firms do suffer ransomware attacks, they tend to be more random – similar to ‘drive-by shootings’, says Tim. Typically the criminals may have sent out a million or so emails and an employee has happened to click on one. However, such attacks can pose more of a risk to small companies as they are less likely to have cyber insurance or be able to pay the ransom.

While companies need to secure their networks and educate staff about cybersecurity, he says firms now need to take their security to the next level by using a professional 24-hour cybersecurity monitoring service.

“Traditional security measures such as firewalls and endpoint protection which firms use to keep attackers out can be breached all too easily,” says Tim. “By using cybersecurity monitoring, businesses can detect attackers entering the system or ransomware spreading through it. By detecting the problem at an early stage, it can be dealt with before the ransomware is triggered and with minimal impact on the business.”