Travelex refuses to comment on whether it paid ransom to get its data back

Last week, a group claiming to be behind the Sodinokibi ransomware attack on Travelex threatened to release data. This week, Travelex refuses to comment on whether it paid up…

Travelex, the currency exchange giant whose systems were taken down following a New Year's Eve Sodinokibi ransomware attack, has refused to answer questions over whether it paid the ransom.

Last week, a group claiming to be behind the Sodinokibi ransomware attack on Travelex threatened to release data they say they exfiltrated before instigating the data encryption stage of their attack.

On Monday, though, Travelex released a statement claiming that it was making good progress in returning its systems to operational status - despite admitting that key data had been encrypted in the attack.

We have taken advice from a number of experts and we are not going to discuss this

Earlier, the Information Commissioner's Office (ICO) had revealed that Travelex hadn't notified it of a data breach within the 72 hour deadline. The company has claimed that no customer data has been compromised in the attack, despite legal experts warning that data does not necessarily have to be compromised in order for a data breach to have occurred.

Today, though, Travelex is refusing to answer the question of whether it paid the ransom or not.

In response to the simple question from Computing, "Did Travelex pay the ransom?" the company issued the following statement: "There is an ongoing investigation. We have taken advice from a number of experts and we are not going to discuss this."

The company's response raises question over how it has managed to recover its systems, given that it has provided so little information so far about how it has achieved its limited recovery more than two weeks after the initial incident.

All Computing's coverage of the Travelex ransomware outbreak: