{
	"id": "3bd6879c-0c1b-4119-9bd8-37cd21a6a139",
	"created_at": "2026-04-06T00:12:39.621219Z",
	"updated_at": "2026-04-10T13:11:27.846501Z",
	"deleted_at": null,
	"sha1_hash": "6ee458253051d97bba71396aa548e96046dc6359",
	"title": "Report: Travelex paid hackers $2.3 million worth of Bitcoin after ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 57371,
	"plain_text": "Report: Travelex paid hackers $2.3 million worth of Bitcoin after\r\nransomware attack\r\nBy Graham Cluley\r\nPublished: 2020-04-09 · Archived: 2026-04-05 12:59:37 UTC\r\nRemember how back in January I raised one of the central mysteries behind Travelex’s ransomware attack –\r\nnamely, had the foreign currency exchange service paid its attackers a ransom or not?\r\nTravelex was notably refusing to answer any questions about whether it had given in to the extortionists’ demands.\r\nBut now, the Wall Street Journal reports, it sounds like Travelex paid US $2.3 million worth of Bitcoin to the\r\nREvil ransomware gang, who had threatened to publish personal data of customers stolen from Travelex’s\r\nnetwork.\r\nOwned by London-listed payments conglomerate Finablr PLC, Travelex found its operations crippled\r\nby a New Year’s Eve ransomware attack that left some of its systems offline for weeks. The finance\r\ncompany paid out the ransom in the form of 285 bitcoin, according to the person with knowledge of the\r\ntransaction.\r\nAsked about the payment, a Travelex spokesman said the firm has taken advice from a number of\r\nexperts and has kept regulators and partners informed about its efforts to manage the recovery. A U.K.\r\nlaw-enforcement investigation into the breach is continuing, he said. He declined to comment further on\r\nthe incident.\r\nhttps://www.grahamcluley.com/travelex-paid-ransom/\r\nPage 1 of 2\n\nWhether ransoms should be paid or not is a divisive topic, and I find it hard to give a simple answer. I can well\r\nunderstand the position of those who say that it encourages more ransomware attacks against other organisations if\r\na ransom is paid. It certainly does.\r\nBut at the same time, when a company is on the ropes, it has no other options, and its survival is in question, it’s\r\nhard not to sympathise with a difficult decision being made to pay those who were behind the attack if it helps\r\nensure the firm stays afloat, and jobs are saved.\r\nTravelex’s management team had been strongly criticised for its shambolic response to the attack, which saw the\r\nfirm delay confirming it had been hit by ransomware for over a week.\r\nEventually Travelex began to hobble back online at the end of January.\r\nThe financial problems faced by Travelex and its parent company, Finablr, have only increased in the months\r\nsince due to the enormous impact the Coronavirus pandemic has had on its business.\r\n#Malware\r\n#ransomware\r\n#Revil\r\n#Travelex\r\nSource: https://www.grahamcluley.com/travelex-paid-ransom/\r\nhttps://www.grahamcluley.com/travelex-paid-ransom/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.grahamcluley.com/travelex-paid-ransom/"
	],
	"report_names": [
		"travelex-paid-ransom"
	],
	"threat_actors": [],
	"ts_created_at": 1775434359,
	"ts_updated_at": 1775826687,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6ee458253051d97bba71396aa548e96046dc6359.pdf",
		"text": "https://archive.orkl.eu/6ee458253051d97bba71396aa548e96046dc6359.txt",
		"img": "https://archive.orkl.eu/6ee458253051d97bba71396aa548e96046dc6359.jpg"
	}
}