Hackers are holding foreign exchange company Travelex to ransom after a cyber-attack forced the firm to turn off all computer systems and resort to using pen and paper across its thousands of sites.
On New Year’s Eve, hackers launched their attack on the Travelex network.
As a result, the company took down its websites across 30 countries to contain “the virus and protect data”.
The hackers are demanding a ransom to give the firm access to its systems.
They have demanded payment in exchange for either restoration of IT systems or the preservation of customer data.
It is understood that a deadline for payment has been set by the cyber-criminals.
The Metropolitan Police is leading the investigation into the attack.
In a statement, the force said: “On Thursday, 2 January, the Met’s Cyber Crime Team were contacted with regards to a reported ransomware attack involving a foreign currency exchange. Enquiries into the circumstances are ongoing.”
Travelex says it is working with police and has deployed teams of IT specialists and external cyber-security experts who have been working continuously.
The recovery operation is being co-ordinated from a Travelex office in the UK and the company insists that no customer data has been leaked.
But it would not say what data could potentially be at risk.
The Travelex websites across Europe, Asia and the US have been offline since 31 December with a message to visitors that it is down due to “planned maintenance”.
Customers have not been sent any email communication about the cyber-attack, but queries are being replied to on social media by the company.
“The public response from Travelex has been shockingly bad,” said security researcher Kevin Beaumont.
“The Travelex UK website still only says ‘planned maintenance’, a week after the problems began – many customers will be completely unaware hackers gained access to their network, and allegedly their personal data,” he said.
“Travelex have a responsibility to clearly communicate with customers and business partners the gravity of the situation.”
Travelex’s decision to take down its site has meant the large network of other firms that use its services cannot sell currency online.
The company has said it is keeping its partners up to date on the response to the cyber-attack.
Virgin Money’s site showed an error message, which said: “Our online, foreign currency purchasing service is temporarily unavailable due to planned maintenance. The system will be back online shortly.”
Sainsbury’s Bank also said its online travel money services were unavailable, although it said customers could still buy travel money in its stores. In a statement to the BBC, the bank said: “We’re in close contact with Travelex so that we can resume our online service as soon as possible.”
A spokesperson for First Direct, which is owned by HSBC, said: “Unfortunately, our online travel money service is currently unavailable due to a service issue with third party service provider, Travelex.”
In a statement on Thursday, Travelex boss Tony D’Souza said: “We regret having to suspend some of our services in order to contain the virus and protect data.”
The company has resorted to carrying out transactions manually, providing foreign-exchange services over the counter in its branches.
“We apologise to all our customers for any inconvenience caused as a result,” Mr D’Souza said in the statement.
The company has since told the BBC that its systems are currently down and it is unable to sell or reload its pre-paid travel cards. But, it said: “Existing cards continue to function as normal and customers in the UK can continue to spend and withdraw money from ATMs.”
“For customers who have ordered money online, please contact Travelex customer services by phone or via social media to discuss their individual situation and requirements.”