A ransomware attack on a technology service provider has disrupted payment systems in nearly 300 small Indian banks, mostly affecting cooperative and regional rural banks, Reuters reported.
The attack affected online transactions, including cash withdrawals at ATMs as well as UPI payments.
The cybersecurity breach, which was detected on July 29, 2024, targeted C-Edge Technologies, a leading provider of cloud-based financial services and technology solutions to smaller financial institutions across India.
According to the C-Edge Technologies website, the company is a joint venture between the State Bank of India (SBI) and Tata Consultancy Services (TCS).
As a result of this attack, customers of banks serviced by C-Edge have been unable to access various payment systems, although no financial loss has been reported.
In response to the attack, the National Payment Corporation of India (NPCI) has temporarily disconnected C-Edge Technologies from accessing its retail payment network to prevent the spread of malware to other parts of the payment ecosystem.
On July 31, 2024, NPCI posted about the incident from its official X handle: “Regarding interruption in retail payments.”
Regarding interruption in retail payments pic.twitter.com/Ve32ac7WpQ
— NPCI (@NPCI_NPCI) July 31, 2024
Meanwhile, NPCI has initiated an audit to contain and mitigate the spread of the attack and is working urgently alongside C-Edge Technologies to restore the payment system as quickly as possible with a necessary security review in the process.
Dileep Sanghani, Chairman of the National Cooperative Union of India, reported that around 300 banks, including 17 district cooperative banks in Gujarat, that use C-Edge have been facing issues since July 29, 2024, with the C-Edge officials calling it a technical fault.
“All online transactions, such as RTGS and UPI payments, are affected. Money is deducted from the sender’s account but does not get credited in the receiver’s account,” said Sanghani, who is also the Chairman of Amreli District Central Cooperative Bank.
Despite the scale of disruption, the attack has impacted only about 0.5% of the payment system volumes in India, the sources, who are officials at a regulatory authority, said. They also assured that other banking services are functioning normally.
Neither C-Edge Technologies nor the Reserve Bank of India (RBI), which standardizes banking and payment systems in the country, have commented on the incident.
In light of this ransomware attack, banks and customers are advised to remain patient and vigilant regarding their transactions and any updates from the authorities.