Ransomware-stricken Travelex up for sale
Travelex’s parent Finablr is washing its hands of the ransomware-stricken forex provider as it struggles with the twin shocks of the Covid-19 pandemic and a developing fraud scandal
Stricken foreign exchange company Travelex is up for sale. The firm was still recovering from a £25m hit after its systems were encrypted by Sodinokibi ransomware on 31 December 2019 when the international travel industry shut down because of the Covid-19 coronavirus pandemic.
Travelex staff were forced to use pen and paper to record cash-only transactions after its systems were shut down as a result of the attack, which left holidaymakers and business travellers stranded worldwide without access to funds, and also affected a number of retail banks, including Barclays and HSBC, which relied on Travelex for their own exchange services.
It later emerged that the firm had left disclosed flaws in its virtual private network (VPN) servers unpatched, meaning its networks were highly vulnerable to cyber attacks on a daily basis for eight months. Researchers at Bad Packets had even reached out to Travelex to try to inform them of this, but were ignored.
Travelex had only fully restored its systems as of 2 March 2020, barely a week before the World Health Organisation (WHO) declared the developing coronavirus crisis a full-blown pandemic. As an organisation that is highly dependent on the overall health of the travel industry, this means that Travelex has also been severely hit by the pandemic.
As of 17 March, the firm had said it was working with stakeholders to mitigate the challenges thrown up by the pandemic, but given the subsequent introduction of nationwide lockdowns worldwide and the suspension of all but essential travel, its supply of customers has virtually dried up.
In a brief statement, Travelex said: “The company announces that, as part of its continuing assessment of strategic options to maximise value for its stakeholders, the Board of Travelex Holdings Limited has decided to seek offers for the Travelex group, and has communicated this intention to [parent organisation] Finablr plc.
“Parties with a potential interest in making a proposal should contact PwC [PricewaterhouseCoopers] to enter into a customary non-disclosure agreement, following which they will receive certain information on the Travelex group, and will be invited to submit their indicative proposals to PwC on that basis.
“The company will continue to update stakeholders on the sale process and parallel discussions with creditors as appropriate.”
Finablr – which bought the firm from its founder, entrepreneur Lloyd Dorfman, in 2014 – first appointed auditors to prepare it for potential insolvency in March, saying that given its liquidity situation it wanted to “undertake rapid contingency planning for a potential insolvency appointment”.
It should be noted that the insolvency planning is at least in part related to the discovery of financial irregularities at Finablr unrelated to Travelex – group companies had kept millions of dollars’ worth of cheques secret from the board of the Abu Dhabi-based firm prior to a 2019 IPO.
Another Finablr group company, UAE Exchange, has since been taken under the control of the central bank of the United Arab Emirates, and a separate healthcare company founded by Finablr boss Bavaguthu Raghuram Shetty is also at the centre of a fraud scandal.
According to the Financial Times, the price of Travelex’s listed bonds stands at a quarter of debt face value, suggesting that there is no value for Finablr but maybe some for the bondholders.
Those who hold debt in Travelex could try to realise this by taking control of it, supporting its sale, or through a debt-for-equity swap, sources close to the talks told the newspaper.