Finablr eyes bounce as ransomware fears dissipate (FIN)

By Richard Mason

FTSE 250 forex seller Finablr (LSE:FIN) could be primed to bounce back from a stunning fall last week that wiped £192m from its market value.

Finablr, which owns well-known brand Travelex along with six other currency exchangers, was hit by a days-long cyberattack over the festive period that brought operations to a halt. The company revealed on 31 December that cyber criminals had successfully infected computer systems with the fast-moving Sodinokibi ransomware, and were demanding a $6 million (£4.6 million) payoff to unlock computer systems. 

Hackers claimed to the BBC that they had swiped a vast trove of sensitive personal data from Travelex customers including dates of birth, credit card numbers and national insurance numbers. Bosses at the London firm said staff were reduced to using a pen and paper to carry out customer orders over Christmas because they had been locked out of their own computer systems. 

In an 8 January RNS, the company admitted that “some data encryption” had taken place, but denied that any customer information or payment data had been leaked. Across the first full trading week after Christmas, as the news filtered through the market, Finablr shares lost 18% of their value.

The statement noted: “Travelex has been successful in containing the spread of the ransomware”, while confirming “there has been some data encryption, there is no evidence that structured personal customer data has been encrypted, and that there is still no evidence any data has been exfiltrated. Finablr’s six other brands are not affected and are operating normally. Finablr does not currently anticipate any material financial impact for the group”. 

Cyber units at the National Crime Agency and London’s Metropolitan Police are investigating. 


Security analysts investigating the Sodinikibi malware have discovered that the first attack is usually made with a phishing email that dupes staff into opening an email containing a malicious script that locks down computer systems and demands a paid ransom to decrypt files. 

Nine local governments in Texas were breached by the same ransomware in August 2019, with cybercriminals apparently carrying out a co-ordinated attack

At time of writing, the Travelex website is still offline. A note on the web page says: “We’re sorry but our online travel money service isn’t available right now. This is as a result of a software virus. On discovering the virus, and as a precautionary measure, Travelex immediately took all its systems offline to prevent the spread of the virus further across the network.”

The market knows the potential cost of ransomware and the devastation cyberattacks can cause. FTSE 100 and FTSE 250 companies have been left counting the cost of cyber breaches long after the initial attack took place. British Airways owner International Consolidated Airlines (LSE: IAG) was hit with a record £183m fine from the Information Commissioner’s Office in August 2018 after its website and mobile app were attacked and hundreds of thousands of customer credit card details were leaked. Meanwhile, the NHS was left with an IT cleanup bill of more than £73m after Wannacry ransomware hit the service in May 2018.

Turnaround time

Finablr’s shares saw a sharp selloff in the week leading up to Christmas, with the firm’s share price dropping 19.9% from 210p to 168.2p. The company said it was at a loss to explain the volatility, saying in an 18 December RNS that “there is no financial or operational reason for the share price movement” and that it was “on track” to achieve the guidance it set out in its IPO. 

Commentators have suggested that the fall in value was due to a very large share selloff representing 40.5 million shares, a stake of around 6%, by a group of shareholders including Saeed Mohamed Butti, Mohamed Khalfan Al Qebaisi and Khaleefa Butti Omair Yousif Amhed Al Muhairi. 

UAE-based healthcare operator NMC Health was hurt by the same news, with Al Qebaisi and Al Muhairi selling off 31.2m shares in the FTSE 100 firm. Both placings were reportedly carried out by Credit Suisse and Deustche Bank.

The Finablr share price has sunk far below both its 20-day and 50-day EMA. Assuming assuming there are no more nasty surprises to come out, the company should recover from here. 

When markets opened on Monday 13 January, shares looked for recovery, inching upwards towards 130p. Early Monday morning trading also showed an RSI around the 30 mark, suggesting the shares are in oversold territory. 

Shares have plunged 40% since their all-time high in early November, falling from 215p to 126p, with £600m wiped off the company’s market cap. Investors looking for a cheap entry point to the FTSE 250 firm could have a field day here, if the police investigation is wrapped up quickly and it is revealed that the data breach is in line with what the company has said and that credit card numbers have not been revealed. 

Finablr was in a decent position going into the Christmas period, and so the share price could quite easily bounce back if, as they say, there are no long-term material financial impacts from this ransomware breach. 

October 2019 saw Finablr sign up commercial partnerships with mobile operators Samsung and Airtel Africa, as well as inking an MOU to work on the vast cross-border payments market with China Union Pay.

Meanwhile, an 11 November trading update for the nine months to 30 September 2019 highlighted adjusted income growth of 9% over the same period the previous year, a 14% increase in total processed currency volumes to $97.2bn, and a 22% jump in EBITDA at $182.3m.

The company’s next earnings are due out on 26 February. 

Explore more on these topics:



This article does not provide any financial advice and is not a recommendation to deal in any securities or product. Investments may fall in value and an investor may lose some or all of their investment. Past performance is not an indicator of future performance.

Sign up for Investing Intel Newsletter