An unpatched critical vulnerability in Pulse Secure VPN servers might have been used in the recent ransomware attack against London-based foreign exchange company Travelex.
Hackers infected Travelex’s infrastructure with the Sodinokibi ransomware on New Year’s Eve, forcing the company to shut down all operations across 30 countries. The hackers say they’ve been inside the network for the past six months and have downloaded 5GB worth of personal information, including credit card numbers.
The hackers are now demanding Travelex pay $6 million for them to decrypt the files and delete the stolen information. Neither of those promises hold any certainty, as hackers often never follow through. There’s no guarantee the data won’t hit the dark web even if they pay the ransom.