A ransomware attack on a technology service provider has caused payment systems at nearly 300 small local banks in India to temporarily shut down, according to two sources familiar with the situation.
The attack targeted C-Edge Technologies, which provides banking technology to these small banks. C-Edge Technologies did not respond to a request for comment, and the Reserve Bank of India also did not comment.
The National Payment Corporation of India (NPCI) issued a public advisory late Wednesday, stating it had temporarily blocked C-Edge Technologies from accessing its retail payments system. This means customers of the affected banks will not be able to use payment systems during this period.
To prevent further issues, nearly 300 small banks have been disconnected from the country’s main payment network, according to the sources, who are regulatory officials. They noted that this impacts only about 0.5% of the country’s payment system volume.
India has around 1,500 cooperative and regional banks, mostly operating outside major cities, and it is some of these banks that have been affected by the attack.
NPCI is conducting an audit to ensure the attack does not spread, one of the sources said. The RBI and Indian cyber authorities had recently warned banks about potential cyber attacks, according to the sources.
What Is A Ransomware Attack?
A ransomware attack is a form of cybercrime where hackers use malicious software to block access to a computer system or encrypt its data, demanding a ransom payment for its release. Typically, the ransomware infiltrates the system through phishing emails, malicious downloads, or software vulnerabilities.
Once inside, it locks the user out or encrypts files, rendering them inaccessible. The attackers then display a ransom note with instructions on how to pay the ransom, often in cryptocurrency, to obtain the decryption key. Even if the ransom is paid, there is no guarantee that access will be restored. Preventative measures, such as up-to-date security software, regular data backups, and user education, are crucial in defending against such attacks.