As The Guardian reports, Travelex has been switching its systems back on again after the New Year’s Eve discovery of a cyber attack forced the company to take its websites offline. The Sodinokibi hacker gang reportedly threatened to publish customers’ sensitive information, including credit card details, unless Travelex paid $6 million in ransom.
Travelex said no customer information had been compromised. “We continue to make good progress with our recovery and have already completed a considerable amount in the background,” said Tony D’Souza, the firm’s CEO.
Meanwhile, an upstate New York airport and its computer service provider also revealed they’d been hit by a Sodinokibi ransomware attack, as reported by NBC 4 New York. Officials at the Albany County Airport Authority said the attack, discovered on Christmas Day, affected the airport and Schenectady-based LogicalNet. Officials said no personal or financial traveler data was exposed and operations at the Albany International Airport were unaffected.
Other recent Sodinokibi targets have included the information-technology services firms Synoptek, Complete Technology Solutions and PerCSoft, according to Krebs On Security.
Sodinokibi/REvil works by encrypting data and demanding cryptocurrency in exchange for unlocking the affected system. According to Ars Technica, in Travelex’s case, the hackers appear to have exploited a vulnerability in unpatched corporate software for virtual private networks. Pulse Secure, the popular corporate VPN provider, announced an urgent patch in August 2019 for a flaw that allowed hackers to break in, shut down multi-factor authentication and even view passwords.
The Sodinokibi ransomware campaign was first spotted by Cisco Talos in April 2019, Ars Technica notes. With possibly more than a thousand Pulse Secure servers in the United States still unpatched, other organizations may still be vulnerable.