* First of UK customer-facing systems restored
* Virgin Money, Tesco, RBS, Barclays say systems still down
* Travelex working to restore other systems
(Adds statement by banking trade body UK Finance)
By Noor Zainab Hussain
Jan 17 (Reuters) - More than two weeks after a crippling
ransomware attack forced Travelex staff to use pen and paper to
calculate foreign currency exchanges, the company said the first
of its customer-facing systems in Britain was up and running
again.
The cyber attack forced the company to take all its systems
offline, causing chaos for New Year holidaymakers and business
travellers seeking online currency services.
A phased global restoration of systems was now "firmly
underway", the company said on Friday, adding that an automated
order placement service used by a number of its British High
Street banking partners was already live.
Travelex, owned by Finablr, provides forex services
for customers of HSBC, Barclays, Virgin Money
and the banking arms of British retailers Tesco
and Sainsbury.
"We have started restoring forex order processing
electronically in our UK stores and in some of our UK retail
partner locations, and we are also now starting our VAT refund
service in UK airports," Travelex CEO Tony D'Souza said.
A spokesperson for Virgin Money, however, said customers
were still unable to place orders via its travel money website,
while Tesco Bank and Barclays said their systems were
offline. A Royal Bank of Scotland spokeswoman also said
its online and in-store systems were both still down.
"We are sorry for the inconvenience to our customers. We are
working with Travelex to get our foreign currency service back
up as soon as we are able to do so," a Barclays spokesman said.
Travelex said it was in the "advanced stages" of testing the
systems supporting bank note orders and its UK international
money transfer service.
"Individual firms will have their own processes in place to
ensure there is no risk to customers. This could lead to a delay
between Travelex restoring its systems and partner firms being
able to begin offering related services," banking trade body UK
Finance said.
RESTORING OPERATIONS
The company, which has a presence in more than 70 countries,
had been forced to serve customers face-to-face at 1,200
locations worldwide.
Travelex had said on Monday that it was restoring operations
to process foreign exchange orders electronically. It has said
there was no evidence to suggest that customer data has been
compromised.
The company has been working with authorities including the
National Cyber Security Centre and London's Metropolitan Police,
which has launched a criminal investigation.
Global companies are increasingly facing hackers who cripple
technology systems with malicious programmes such as ransomware
and only stop after receiving substantial payments.
Travelex, which was hit by ransomware called Sodinokibi, has
not said if it paid any money to its hackers. British media
reports, including from the BBC which said it had spoken with
the hackers, have pegged the ransom demand at $6 million.
Neither Finablr nor Travelex has so far indicated how much
the incident has cost them.
(Reporting by Noor Zainab Hussain in Bengaluru, Lawrence White
and Iain Withers in London; Editing by Kirsten Donovan and Susan
Fenton)