Travelex has insisted there is no evidence any personal customer data has been encrypted or "exfiltrated" – or stolen – after the foreign exchange firm fell foul of a New Year’s Eve ransomware attack, despite the purported hackers reportedly demanding nearly £5 million to decrypt key computer files.
However, the company has admitted it doesn’t yet have a "complete picture" of all the data that has been affected.
The forex giant said it took down its websites following the attack as a precaution to prevent a "software virus" from spreading. They still, however, display a message stating they are down for "planned maintenance".
It was confirmed on Tuesday (7 January) the Metropolitan Police in London is leading an investigation into the attack, which it described as a "reported ransomware attack involving a foreign currency exchange".
Travelex has stated it is working with police and is coordinating the recovery operation from its UK offices. A team of external cybersecurity experts are assisting with its efforts.
In a fresh statement, reported by the BBC on Tuesday, Travelex confirmed reports it was dealing with Sodinokibi or REvil ransomware which has allowed the perpetrators to encrypt key computer files.
The group behind the attack is understood to have demanded a ransom worth in the region of $6 million (£4.6 million) from Travelex to decrypt the data, which it says – contrary to Travelex – includes personal data, payment card information and national insurance numbers.