In a significant cybersecurity incident, a ransomware attack on C-Edge Technologies, a key technology service provider for small banks across India, has forced the temporary shutdown of payment systems for nearly 300 local financial institutions.
A ransomware attack on a technology service provider has forced payment systems across nearly 300 small Indian local banks to shut down temporarily, two sources directly aware of the matter said. The attack affected C-Edge Technologies, a provider of banking technology systems to small banks across the country, they said. The body in charge of monitoring payment networks, the National Payment Corporation of India (NPCI), said late on Wednesday that it has "temporarily isolated C-Edge Technologies from accessing the retail payments system operated by NPCI" in a public alert.
"Customers of banks serviced by C-Edge will not be able to access payment systems during the period of isolation," warned the NPCI. Nearly 300 small banks have been isolated from the country’s broader payment network to prevent any wider impact, the sources, who are officials at a regulatory authority, said.
"Most of these are small banks and only about 0.5 per cent of the country’s payment system volumes would be impacted,” said one of the sources. Almost 1,500 cooperative and regional banks operate in India; the majority of these banks are located outside the major cities. According to reports, a few of these banks have been impacted.
NPCI is conducting an audit to ensure that the attack does not spread, the second source said. The RBI and the Indian cyber authorities have warned Indian banks about possible cyber attacks in the past few weeks, reports said.
To assess the situation and mitigate further risks, the NPCI is currently conducting an audit. Additionally, both the RBI and Indian cyber authorities have previously issued warnings to financial institutions concerning potential cyber threats in recent weeks.
C-Edge, a joint venture between SBI and TCS, serves cooperative banks and regional rural banks, which have been affected by the breach. Officials stated that other banking services remained unaffected. To protect the broader payments system, necessary precautions, including isolating the C-Edge system, had to be implemented following the discovery of the breach two days ago.