In light of the Travelex attack, how can companies better protect themselves against Sodinokibi ransomware?

EM360 TECH

Published on
20/04/2020 01:53 PM

Another day, another hack. Cybersecurity is the real-life Hunger Games; anyone can fall victim at any given time, and on New Year's Eve, it was Travelex's turn.

In case you missed it, the foreign exchange giant was forced to take its 30 websites down after hackers demanded an estimated $6 million in return for customer data. The malicious actors used Sodinokibi Windows ransomware to carry out the attack and, at the time of writing, are still threatening to release the personal data (including credit card information) unless Travelex pay the ransom.

The knock-on effect of the attack has been significant. Unfortunately, a number of the UK's largest banks rely on Travelex as a provider for travel money services. In turn, big names such as Lloyds, Barclays, and the Royal Bank of Scotland have had to pull the plug on travel money orders. Travellers have arguably suffered the greatest impact, as many ended up stranded in foreign countries unable to use their Travelex ATM cards.

At the time of writing, Travelex staff are handing over their laptops while the company investigates the situation. As a result, Travelex employees having to resort to pen and paper in the meantime.

Sodinokibi ransomware attacks are, unfortunately, very much on the rise. The Travelex incident is not the first and certainly won't be the last. Thus, the attack should be taken as a cautionary tale for organisations who aren't exercising cybersecurity best practices.

Firstly, a bit of background: Sodinokibi (sometimes referred to as REvil) is a Trojan horse that encrypts files on local storage devices and network shares. To decrypt them, attackers will usually demand payment. However, payment does not grant immunity; with ransomware, it is not uncommon for attackers to sell the data even once the victim has paid the ransom.

Often, the malicious actors will use exploit kits and scan-and-exploit techniques to carry out their attacks, although there are plenty more avenues they can take. While eliminating all your company's vulnerabilities is quite the task, small gestures of best practices can go a long way.

Becoming ransomware-resistant

Naturally, you'll want to splash the cash on solutions that put a barrier up around your business network. If a company as big as Travelex succumbed to a threat, then surely no one stands a chance, so you want to bring out the big guns.

However, solutions alone won't cut it. There is a rich portfolio of security vendors that can help you, but even the most sophisticated can't stop you or your employees clicking on a dodgy link. Thus, now is good a time as ever to reinforce cybersecurity best practices before your company is next in the headlines.

Password hygiene is a quick fix for a number of cybersecurity challenges. Organisations must encourage all employees to use complex passwords at all times. This way, even if an attacker compromises an employee's device, the progress they make, if any, will be slow. The complex passwords will act as difficult barriers at every turn and offer you a window of time to identify the attack and act.

Companies must also stress email vigilance. In particular, employees should not be opening attachments unless it has come from a trusted source. Even so, employees must consider whether they are expecting this attachment too. If it has randomly been sent out of the blue, chances are it could be compromised. Remember, we're all vulnerable in today's landscape!

To support this, businesses should consider setting up their email so that it blocks susceptible file types. This includes .bat, .exe, .vbs, .com, .ade, and .wsc, among others. Most antivirus programs do a good enough job at weeding out the bad guys, but you can't rely solely on those. New ransomware can seep through undetected, thus necessitating the two-step process of 'do I trust this sender?' and 'am I expecting this attachment?'.

Finally, minimalism is a company's best friend. Employees should have the bare minimum of privileges that they need to do their job. Similarly, ensure that the only devices connected to Bluetooth are the ones that absolutely need to be. Across all devices, if you think one has suffered an attack, isolate it as quickly as possible.

Final food for thought

While none of the above are complex, tech-heavy solutions, it'll give your company the head start it needs against attackers. Besides, no organisation wants to be the business that got hacked due to an employee's password being 'password', nor does any employee want to be that guy either!

However, it's important to acknowledge that cyber attacks are a matter of 'when', not 'if'. You don't have to be a currency giant like Travelex; as long as you have data, there's a treasure map with your company's name on it.

Join 34,209 IT professionals who already have a head start

Network with the biggest names in IT and gain instant access to all of our exclusive content for free.

Get Started Now