Travelex claims it has brought money transfer and wire services back - but website remains down

Travelex's main website remains down almost a month after New Year's Eve ransomware attack

Travelex says its international money transfer service and wire services are now back up-and-running following the New Year's Eve ransomware attack. However, it's main website remains down.

The return of the services comes two weeks after the company claimed that its recovery from the ransomware incident was well underway. It has also continued to ration information about the attack and its response to the attack, while the placeholder on its website carries the bare minimum of information for customers.

The company's Travelex Money Cards, meanwhile, relied upon by travellers overseas, still cannot be reloaded, nor is the company issuing new cards.

Travelex losses will be partly covered by its cyber insurance policy, brokered by Gallagher, according to Reuters, while its parent company Finablr, which is listed on the London Stock Exchange, has claimed that the Travelex ransomware will not affect its 2019 financial results.

However, the insurance payout could be contingent on the small print in the policy. In the first week of the attack, a respected security specialist claimed that not only had Travelex been running unpatched Pulse Secure VPN servers, making them vulnerable to a critical security flaw, but that it had ignored explicit warnings from both the security researcher and the UK's National Cyber Security Centre.

A large number of organisations are still running unpatched Pulse Secure VPN servers, according to security specialist Kevin Beaumont, although many ransomware attackers have shifted their attention to a critical security flaw affecting Citrix ADC installations instead.

Travelex initially claimed that it had only been affected by a "virus" outbreak, admitting to falling victim to the Sodinokibi ransomware attack after more than a week offline. Staff were forced to resort to manual procedures and banks that rely on the company have been unable to provide customers with foreign currency.

It is still not clear when Travelex will have fully recovered from the ransomware outbreak. It has neither confirmed nor denied whether it paid a ransom to the attackers, initially believed to have been $3 million, but later ‘upgraded' to $6 million. The attackers had threatened to release sensitive customer data should Travelex refuse to pay up.

The company, meanwhile, failed to formally notify the Information Commissioner's Office (ICO) of a data breach within the 72 hours mandated under GDPR. The company has maintained that no customer data was compromised as a result of the attack.