Ransomware Attack on Travelex: Facts, Impact, and Prevention
VerifiedAdded on  2022/12/30
|7
|2157
|61
AI Summary
This report provides an overview of the ransomware attack on Travelex, including facts about the attack, its impact on customers, how the ransomware was deployed, and the errors made by the company. It also discusses the measures that could have been taken to prevent the data breach and provides recommendations to avoid future cyber attacks.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Cyber Security
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Table of Contents
INTRODUCTION...........................................................................................................................1
MAIN BODY...................................................................................................................................1
Task 1..........................................................................................................................................1
Facts of the ransomware attack..............................................................................................1
Affect on customers................................................................................................................1
How was the ransomware deployed on the Travelex system?...............................................2
Errors made by company that lead to the ransomware attack................................................2
Task 2..........................................................................................................................................2
Under GDPR what does a company have to do when it learns it has been the victim of a
cyber-attack resulting in a data breach?.................................................................................2
Fine imposed by ICO on the company...................................................................................3
Task 3..........................................................................................................................................3
How you would have prevented this data breach from taking place?....................................3
What measures should you take in order for it not to happen again?.....................................4
CONCLUSION................................................................................................................................4
References:.......................................................................................................................................5
INTRODUCTION...........................................................................................................................1
MAIN BODY...................................................................................................................................1
Task 1..........................................................................................................................................1
Facts of the ransomware attack..............................................................................................1
Affect on customers................................................................................................................1
How was the ransomware deployed on the Travelex system?...............................................2
Errors made by company that lead to the ransomware attack................................................2
Task 2..........................................................................................................................................2
Under GDPR what does a company have to do when it learns it has been the victim of a
cyber-attack resulting in a data breach?.................................................................................2
Fine imposed by ICO on the company...................................................................................3
Task 3..........................................................................................................................................3
How you would have prevented this data breach from taking place?....................................3
What measures should you take in order for it not to happen again?.....................................4
CONCLUSION................................................................................................................................4
References:.......................................................................................................................................5
INTRODUCTION
Ransomware attack is defined as the attack on computer systems where it acts like a
viruses and disrupts the working of the computer. It damages the software and operating system
of the computer. It enters into the computer via links, mails or downloads (Apruzzese, Colajanni,
Ferretti and Marchetti, 2018). Victim organization is Travelex, it is one of the foreign exchange
company based in UK in 1976. The following report covers the facts about attack, schedule of
attack, reason behind targeting Travelex, affect on customers, deployment of attack, errors made
by company, measures taken by company, fine imposed, prevention techniques, measures to
avoid and the conclusion.
MAIN BODY
Task 1
Facts of the ransomware attack
Ransomware attack made the victim to Travelex for their attack. It happened on the new
year's evening that is in the end of the year of 2019 that is on 31st December, 2019. Hackers
establish their ransomware attack on the network of the Travelex. This has resulted in taking
down of the various websites of the company to across thirty countries that contains the virus and
protect data. Gang which was involved named Sodinokibi communicated to the BBC news and
they wants the company to pay $6m or £4.6m. Hackers has targeted the company because they
were holding the large amount data through the attackers can get the good amount of money out
of it and so as they demanded the same using the news channels (Carley, Cervone, Agarwal and
Liu, 2018).
Affect on customers
Customers were frustrated and upset and got feared out of the company suffered of such a
huge loss and thinking about that how they can now recover all the data and money which they
have already lost due to the cyber attack. They were tensed because they had put on lot of money
and private data to the company and they were in great fear of loosing that so they are
demanding the their money which they had already paid to the company and seeking the security
of their private data and information which is held by the company. They are still suffering the
1
Ransomware attack is defined as the attack on computer systems where it acts like a
viruses and disrupts the working of the computer. It damages the software and operating system
of the computer. It enters into the computer via links, mails or downloads (Apruzzese, Colajanni,
Ferretti and Marchetti, 2018). Victim organization is Travelex, it is one of the foreign exchange
company based in UK in 1976. The following report covers the facts about attack, schedule of
attack, reason behind targeting Travelex, affect on customers, deployment of attack, errors made
by company, measures taken by company, fine imposed, prevention techniques, measures to
avoid and the conclusion.
MAIN BODY
Task 1
Facts of the ransomware attack
Ransomware attack made the victim to Travelex for their attack. It happened on the new
year's evening that is in the end of the year of 2019 that is on 31st December, 2019. Hackers
establish their ransomware attack on the network of the Travelex. This has resulted in taking
down of the various websites of the company to across thirty countries that contains the virus and
protect data. Gang which was involved named Sodinokibi communicated to the BBC news and
they wants the company to pay $6m or £4.6m. Hackers has targeted the company because they
were holding the large amount data through the attackers can get the good amount of money out
of it and so as they demanded the same using the news channels (Carley, Cervone, Agarwal and
Liu, 2018).
Affect on customers
Customers were frustrated and upset and got feared out of the company suffered of such a
huge loss and thinking about that how they can now recover all the data and money which they
have already lost due to the cyber attack. They were tensed because they had put on lot of money
and private data to the company and they were in great fear of loosing that so they are
demanding the their money which they had already paid to the company and seeking the security
of their private data and information which is held by the company. They are still suffering the
1
trust issues on the company and trying to avoid as much as they can to take the services from the
firm (Chesla, Empow Cyber Security Ltd., 2017).
How was the ransomware deployed on the Travelex system?
Hackers were seeking the way and moment that what can be the correct timings of
attacking through which they can get successful out of it. So they chose the new year's evening
for their crime and cyber attack to the company. They got succession because they were holding
the foreign exchange company with ransom after the cyber attack enforced the company to shut
down all the computer systems and resorted them to use pen and paper for working. Therefore,
this is how the ransomware deployed on the Travelex's system (Reynolds, 2020).
Errors made by company that lead to the ransomware attack
It was just a simple mistake or a very small cause that was made by the company that
resulted them in such a major cyber attack of ransomware. Error was that the patch which was
used by the company of software vulnerability in their systems that allowed the access for the
criminals to attack were left open that is left patched six months before the attack by the hackers.
If patch was controlled by the technical team of the company by taking care or by ensuring this
silly mistake, this attack could not have been possible ever. Therefore, it is said that technology
is becoming more updated now a days and hence needs more security to protect such technology
from such attacks otherwise it can result in huge dangerous attacks if not taking care of such
small things that is required by the technology every time (Edgar and Manz, 2017).
Task 2
Under GDPR what does a company have to do when it learns it has
been the victim of a cyber-attack resulting in a data breach?
Data breach can be defined as the data leaking especially the information which is private
and confidential in an organization that is through which company can suffer a great loss out of
it. This is mainly done by the hackers who demands for money for returning back their data
safely without any lost of it. GDPR that is general data protection regulation provides the
guidelines to the companies that what they must do immediately after being the victim of the
cyber attacks and data beaches so that they can take various measures in order to prevent and for
2
firm (Chesla, Empow Cyber Security Ltd., 2017).
How was the ransomware deployed on the Travelex system?
Hackers were seeking the way and moment that what can be the correct timings of
attacking through which they can get successful out of it. So they chose the new year's evening
for their crime and cyber attack to the company. They got succession because they were holding
the foreign exchange company with ransom after the cyber attack enforced the company to shut
down all the computer systems and resorted them to use pen and paper for working. Therefore,
this is how the ransomware deployed on the Travelex's system (Reynolds, 2020).
Errors made by company that lead to the ransomware attack
It was just a simple mistake or a very small cause that was made by the company that
resulted them in such a major cyber attack of ransomware. Error was that the patch which was
used by the company of software vulnerability in their systems that allowed the access for the
criminals to attack were left open that is left patched six months before the attack by the hackers.
If patch was controlled by the technical team of the company by taking care or by ensuring this
silly mistake, this attack could not have been possible ever. Therefore, it is said that technology
is becoming more updated now a days and hence needs more security to protect such technology
from such attacks otherwise it can result in huge dangerous attacks if not taking care of such
small things that is required by the technology every time (Edgar and Manz, 2017).
Task 2
Under GDPR what does a company have to do when it learns it has
been the victim of a cyber-attack resulting in a data breach?
Data breach can be defined as the data leaking especially the information which is private
and confidential in an organization that is through which company can suffer a great loss out of
it. This is mainly done by the hackers who demands for money for returning back their data
safely without any lost of it. GDPR that is general data protection regulation provides the
guidelines to the companies that what they must do immediately after being the victim of the
cyber attacks and data beaches so that they can take various measures in order to prevent and for
2
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
the recovery of data as soon as possible before suffering the major loss due to it. Guidelines
given by the GDPR are that the company immediately must informs or notify the supervisory
authority without any further delays, which means maximum within 72 hours after being aware
of data breach in their systems. Moreover, if company learns that only an individual is affected
and no one else then too they are required to complaint to the supervisory authority so that they
can be safe for further individual's data breaches for prevention in a major loss that can faced by
the company (El Mrabet, Kaabouch, El Ghazi and El Ghazi, 2018).
Fine imposed by ICO on the company
There is a fine imposed on the companies who do not follow the guidelines which is
especially issued by the GDPR for the benefits of the organizations itself. Reason behind
imposing the fine is that the data which suffered a loss causes the great disruption on the firm
and as well as the customers and clients who are associated with the firm. Because of the firm's
mistake they suffered the loss and if then too they are not following the guidelines requires for
the company to pay the fine imposed by ICO so that next time they can not repeat the same
mistake and can not suffer the losses in future. In context of Travelex, the company did not
reported the data breach to their supervisory authority within 72 hours of awareness of cyber
attack which is strictly mentioned in the guidelines of GDPR. That is why fine was imposed by
ICO on the company and it is expected to be stiffer that is maximum up to four percent of the
total turnovers of the company. Fine is not only imposed on their customers data but also on their
personal data as well because reporting is necessary which was not followed by the Travelex
(Knight and Nurse, 2020).
Task 3
How you would have prevented this data breach from taking place?
There are various measures that could be taken to prevent the data from leaking and save
the company from losses. Such prevention methods are that the organization must restrict the
access to the data which is the most important and valuable for the company because if company
did not limit the access then it can lead to the leakage of the information by an unknown source.
Company must ensure that employees are being trained for the same such as organization should
keep the training sessions for non technical employees so that they can get the knowledge of
3
given by the GDPR are that the company immediately must informs or notify the supervisory
authority without any further delays, which means maximum within 72 hours after being aware
of data breach in their systems. Moreover, if company learns that only an individual is affected
and no one else then too they are required to complaint to the supervisory authority so that they
can be safe for further individual's data breaches for prevention in a major loss that can faced by
the company (El Mrabet, Kaabouch, El Ghazi and El Ghazi, 2018).
Fine imposed by ICO on the company
There is a fine imposed on the companies who do not follow the guidelines which is
especially issued by the GDPR for the benefits of the organizations itself. Reason behind
imposing the fine is that the data which suffered a loss causes the great disruption on the firm
and as well as the customers and clients who are associated with the firm. Because of the firm's
mistake they suffered the loss and if then too they are not following the guidelines requires for
the company to pay the fine imposed by ICO so that next time they can not repeat the same
mistake and can not suffer the losses in future. In context of Travelex, the company did not
reported the data breach to their supervisory authority within 72 hours of awareness of cyber
attack which is strictly mentioned in the guidelines of GDPR. That is why fine was imposed by
ICO on the company and it is expected to be stiffer that is maximum up to four percent of the
total turnovers of the company. Fine is not only imposed on their customers data but also on their
personal data as well because reporting is necessary which was not followed by the Travelex
(Knight and Nurse, 2020).
Task 3
How you would have prevented this data breach from taking place?
There are various measures that could be taken to prevent the data from leaking and save
the company from losses. Such prevention methods are that the organization must restrict the
access to the data which is the most important and valuable for the company because if company
did not limit the access then it can lead to the leakage of the information by an unknown source.
Company must ensure that employees are being trained for the same such as organization should
keep the training sessions for non technical employees so that they can get the knowledge of
3
cyber crime and how they can avoid using the things in systems which can result in data
breaches. Firm must ensure that the systems they are using in their offices must get updated on a
daily basis especially the operating systems and any other software which is in maximum use
because outdated systems lacks security which leads to the cyber crime. Company must develop
or build up a plan for the response of the cyber breaches so that there could be the less time taken
by the systems in responding of the cyber attack because if response time is more then it can
result in delay in reporting which can lead to the major loss for the company (Gupta, 2018).
What measures should you take in order for it not to happen again?
There are different measures that an organization can take in order to not to face again the
cyber attack on their firm. Such as immediately informing supervisory authority about the cyber
attack on the company within 72 hours without any delays so that major loss can be prevented
soon. By providing training to employees about the cyber crime, by updating and regulating
passwords timely, by controlling patch vulnerabilities, by limiting the access towards essential
data and information, by encrypting devices and data and by applying two factor authentication.
Therefore, by taking these measures, it can prevent the company from not facing the data
breaches and cyber crime again in future because such measures depicts the strong security over
data, information and systems which supports and assist the firm in avoiding cyber attacks and
losses to their company (Schatz, Bashroush and Wall, 2017).
CONCLUSION
It is concluded that it is important to study about the cyber crime that is being faced by
the companies in real world and has suffered a huge loss and how they had taken measures to
cope up with such attacks. Learnings from the report is that what errors the company must avoid
so as to prevent data breaches, safety measures taken by the company to safeguard it's private
data and information, guidelines given by the GDPR on cyber attacks and how the company can
follow to fight against the hackers so that they can bear minimum or no losses out of it
(Ventures, 2017).
4
breaches. Firm must ensure that the systems they are using in their offices must get updated on a
daily basis especially the operating systems and any other software which is in maximum use
because outdated systems lacks security which leads to the cyber crime. Company must develop
or build up a plan for the response of the cyber breaches so that there could be the less time taken
by the systems in responding of the cyber attack because if response time is more then it can
result in delay in reporting which can lead to the major loss for the company (Gupta, 2018).
What measures should you take in order for it not to happen again?
There are different measures that an organization can take in order to not to face again the
cyber attack on their firm. Such as immediately informing supervisory authority about the cyber
attack on the company within 72 hours without any delays so that major loss can be prevented
soon. By providing training to employees about the cyber crime, by updating and regulating
passwords timely, by controlling patch vulnerabilities, by limiting the access towards essential
data and information, by encrypting devices and data and by applying two factor authentication.
Therefore, by taking these measures, it can prevent the company from not facing the data
breaches and cyber crime again in future because such measures depicts the strong security over
data, information and systems which supports and assist the firm in avoiding cyber attacks and
losses to their company (Schatz, Bashroush and Wall, 2017).
CONCLUSION
It is concluded that it is important to study about the cyber crime that is being faced by
the companies in real world and has suffered a huge loss and how they had taken measures to
cope up with such attacks. Learnings from the report is that what errors the company must avoid
so as to prevent data breaches, safety measures taken by the company to safeguard it's private
data and information, guidelines given by the GDPR on cyber attacks and how the company can
follow to fight against the hackers so that they can bear minimum or no losses out of it
(Ventures, 2017).
4
References:
Books and Journals
Apruzzese, G., Colajanni, M., Ferretti, L. and Marchetti, M., 2018, May. On the effectiveness of
machine and deep learning for cyber security. In 2018 10th International Conference on
Cyber Conflict (CyCon) (pp. 371-390). IEEE.
Carley, K.M., Cervone, G., Agarwal, N. and Liu, H., 2018, July. Social cyber-security.
In International Conference on Social Computing, Behavioral-Cultural Modeling and
Prediction and Behavior Representation in Modeling and Simulation (pp. 389-394).
Springer, Cham.
Chesla, A., Empow Cyber Security Ltd., 2017. Cyber-security system and methods thereof. U.S.
Patent 9,565,204.
Edgar, T.W. and Manz, D.O., 2017. Research methods for cyber security. Syngress.
El Mrabet, Z., Kaabouch, N., El Ghazi, H. and El Ghazi, H., 2018. Cyber-security in smart grid:
Survey and challenges. Computers & Electrical Engineering, 67, pp.469-482.
Gupta, B.B. ed., 2018. Computer and cyber security: principles, algorithm, applications, and
perspectives. CRC Press.
Knight, R. and Nurse, J.R., 2020. A framework for effective corporate communication after
cyber security incidents. Computers & Security, 99, p.102036.
Reynolds, R., 2020. The four biggest malware threats to UK businesses. Network
Security. 2020(3). pp.6-8.
Schatz, D., Bashroush, R. and Wall, J., 2017. Towards a more representative definition of cyber
security. Journal of Digital Forensics, Security and Law. 12(2). pp.53-74.
Ventures, C., 2017. Cybersecurity Jobs Report. Herjavec Group.
5
Books and Journals
Apruzzese, G., Colajanni, M., Ferretti, L. and Marchetti, M., 2018, May. On the effectiveness of
machine and deep learning for cyber security. In 2018 10th International Conference on
Cyber Conflict (CyCon) (pp. 371-390). IEEE.
Carley, K.M., Cervone, G., Agarwal, N. and Liu, H., 2018, July. Social cyber-security.
In International Conference on Social Computing, Behavioral-Cultural Modeling and
Prediction and Behavior Representation in Modeling and Simulation (pp. 389-394).
Springer, Cham.
Chesla, A., Empow Cyber Security Ltd., 2017. Cyber-security system and methods thereof. U.S.
Patent 9,565,204.
Edgar, T.W. and Manz, D.O., 2017. Research methods for cyber security. Syngress.
El Mrabet, Z., Kaabouch, N., El Ghazi, H. and El Ghazi, H., 2018. Cyber-security in smart grid:
Survey and challenges. Computers & Electrical Engineering, 67, pp.469-482.
Gupta, B.B. ed., 2018. Computer and cyber security: principles, algorithm, applications, and
perspectives. CRC Press.
Knight, R. and Nurse, J.R., 2020. A framework for effective corporate communication after
cyber security incidents. Computers & Security, 99, p.102036.
Reynolds, R., 2020. The four biggest malware threats to UK businesses. Network
Security. 2020(3). pp.6-8.
Schatz, D., Bashroush, R. and Wall, J., 2017. Towards a more representative definition of cyber
security. Journal of Digital Forensics, Security and Law. 12(2). pp.53-74.
Ventures, C., 2017. Cybersecurity Jobs Report. Herjavec Group.
5
1 out of 7
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.