UPDATE 2-Travelex staff put away pens and paper as UK systems come back online
* First of UK customer-facing systems restored
* Virgin Money, Tesco, RBS, Barclays say systems still down
* Travelex working to restore other systems (Adds banks' systems still down, context)
Jan 17 (Reuters) - More than two weeks after a crippling ransomware attack forced Travelex staff to use pen and paper to calculate foreign currency exchanges, the company said the first of its customer-facing systems in Britain was up and running again. The cyber attack forced the company to take all its systems offline, causing chaos for New Year holidaymakers and business travelers seeking online currency services.
A phased global restoration of systems was now "firmly underway," the company said on Friday, adding that an automated order placement service used by a number of its British High Street banking partners was already live.
Travelex, owned by Finablr, provides forex services for customers of HSBC, Barclays, Virgin Money and the banking arms of British retailers Tesco and Sainsbury.
A spokesperson for Virgin Money said customers were still unable to place orders via its travel money website, while Tesco Bank and Barclays said their systems were offline. A Royal Bank of Scotland spokeswoman also said its online and in-store systems were both still down.
"We are sorry for the inconvenience to our customers. We are working with Travelex to get our foreign currency service back up as soon as we are able to do so," a Barclays spokesman said.
Travelex said it was restoring in-branch retail systems in some Travelex and partner stores in the UK and testing some systems outside the UK this week.
"We have started restoring forex order processing electronically in our UK stores and in some of our UK retail partner locations, and we are also now starting our VAT refund service in UK airports," Travelex CEO Tony D'Souza said.
The currency trader said it was in the "advanced stages" of testing the systems supporting bank note orders and its UK international money transfer service.
The company, which has a presence in more than 70 countries, had been forced to serve customers face-to-face at 1,200 locations worldwide.
Travelex had said on Monday that it was restoring operations to process foreign exchange orders electronically. It has said there was no evidence to suggest that customer data has been compromised.
The company has been working with authorities including the National Cyber Security Centre and London's Metropolitan Police, which has launched a criminal investigation.
Global companies are increasingly facing hackers who cripple technology systems with malicious programs such as ransomware and only stop after receiving substantial payments.
Travelex, which was hit by ransomware called Sodinokibi, has not said if it paid any money to its hackers. British media reports, including from the BBC which said it had spoken with the hackers, have pegged the ransom demand at $6 million.
Neither Finablr nor Travelex have so far indicated how much it has cost them to handle the incident. (Reporting by Noor Zainab Hussain in Bengaluru, Lawrence White and Iain Withers in London; Editing by Susan Fenton, Kirsten Donovan)
© Copyright Reuters Ltd. All rights reserved. The information contained in this news report may not be published, broadcast or otherwise distributed without the prior written authority of Reuters Ltd.