A ransomware attack on a service provider of banking technology systems has temporarily shut down nearly 300 small banks across India. An audit was being conducted to ensure the attack does not spread further.
Highlights:
- C-Edge Technologies, provider of payment systems to small banks, impacted
- Source says only 0.5% of country’s payment volumes was hit
- Attack came after a massive global Microsoft outage last month.
A ransomware attack on a technology service provider has forced payment systems across nearly 300 small Indian local banks to shut down temporarily, two sources directly aware of the matter said.
The attack affected C-Edge Technologies, a provider of banking technology systems to small banks across the country, they said.
C-Edge Technologies did not respond to an email seeking comment.
The Reserve Bank of India, the country’s banking and payment system regulator, did not respond to Reuters’ request for comment.
The National Payment Corporation of India (NPCI), an authority that oversees payment systems, in a public advisory issued late on Wednesday, said that it had “temporarily isolated C-Edge Technologies from accessing the retail payments system operated by NPCI”.
“Customers of banks serviced by C-Edge will not be able to access payment systems during the period of isolation,” the NPCI said.
Mr. Pankit Desai, Cofounder & CEO, Sequretek said, The breach affecting over 300 small banks is a distressing reminder of the vital role cybersecurity plays in preserving the integrity of our financial systems. Such incidents can have far-reaching consequences, disrupting critical banking services and eroding consumer trust. The role of the 3rd party solution providers and tools poses a significant risk that hurts organizations, the most. Financial institutions, irrespective of their size, must prioritize their cybersecurity initiatives. It is essential for banking technology providers to implement multi-layered security measures and regularly conduct risk assessments to identify and mitigate potential vulnerabilities. High time that the financial institutions strengthen their cybersecurity posture and ensure they are equipped to handle the sophisticated cyber threats of today.
Nearly 300 small banks have been isolated from the country’s broader payment network to prevent any wider impact, the sources, who are officials at a regulatory authority, said.
“Most of these are small banks and only about 0.5 per cent of the country’s payment system volumes would be impacted,” said one of the sources.
India has nearly 1,500 cooperative and regional banks which mostly have operations outside big cities. It is some of these banks that have been affected, sources said.
NPCI is conducting an audit to ensure that the attack does not spread, the second source said.
The RBI and the Indian cyber authorities have warned Indian banks about possible cyber attacks in the past few weeks, banking industry sources and the first source said.
*Inputs from Reuters
