Days after a ransomware attack rattled the world’s largest retail currency dealer, customers are left helpless and banks have halted currency services.

Travelex customers have been left in limbo in the aftermath of the cyber-attack discovered on New Year’s Eve. Many previously placed orders are yet to be fulfilled, and some customers have been unable to get refunds.

Meanwhile, major banks including Lloyds, Barclays and Royal Bank of Scotland—all of which get their foreign notes from Travelex—have temporarily stopped their currency services. The banks said their supply of notes from Travelex have dried up.

Gang of hackers demand ransom

The ransomware attack, carried on by a notorious gang of hackers, has forced Travelex to take down its websites in 30 countries across Europe, Asia, and the US.

The hackers, alternatively called Sodinokibi or REvil, claim they first gained access to Travelex’s computer network six months ago and have downloaded 5GB of sensitive customer data—including credit card information, date of birth, and national insurance numbers.

REvil is demanding a $6m (£4.6m) ransom in payment for not using the stolen database and restoring the computer network.

The paralysis of the computer system was so extensive that Travelex staff resorted to using pen and paper to write invoices.

CEO’s apology

“Travelex has been successful in containing the spread of the ransomware,” the company said. “Travelex has also confirmed that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted, and that there is still no evidence that any data has been exfiltrated.”

The company added that it will do everything it can to keep customers and employees informed of further developments.

Tony D’Souza, CEO, apologised for the disruption caused by the attack. “We take very seriously our responsibility to protect the privacy and security of our partners’ and customers’ data,” he said.

As we go to press, ten days after the attack, shares of Travelex’s parent company Finablr, a global payment company listed in London, have plunged nearly 25% to a record low.

Police investigation

The Metropolitan Police has confirmed that it has undertaken a probe into the ransomware attack.

Others looking into the attack include the Financial Conduct Authority (FCA) and the National Cyber Security Centre (NCSC). The NCSC said it is “closely working with law enforcement and will continue to support the affected organisation.”

“Damaging to industry reputation”

According to Michael Kent, CEO of digital money transfer service Azimo, “these targeted and sophisticated malicious activities are becoming more common, with legacy finance businesses being especially vulnerable.”

He said the new breed of fintechs had invested in robust infrastructure, systems and processes to minimise the impact of hackers.

“Security breaches of this scale are hugely damaging to the whole industry reputation, destroys value for the companies impacted and worst of all, creates a nightmare for customers,” Kent said.