A ransomware attack on C-Edge Technologies, a firm providing technology solutions to small banks across India, has led to the temporary shutdown of payment systems at nearly 300 local banks, according to sources familiar with the situation.
The attack targeted C-Edge Technologies, which supports banking systems for numerous small financial institutions throughout the country. The company has yet to respond to requests for comment.
The Reserve Bank of India (RBI), which regulates banking and payment systems, has also not provided a statement on the incident.
The National Payments Corporation of India (NPCI), which oversees the country’s payment systems, announced late Wednesday that it has “temporarily isolated C-Edge Technologies from the retail payments system operated by NPCI.”
As a result, customers of banks relying on C-Edge will be unable to access payment systems during this isolation period.
To mitigate the impact, the banks were cut off from the broader payment network. According to regulatory officials, the disruption affects only about 0.5% of the total payment system volumes in the country.
Most of the affected banks are cooperative and regional institutions based primarily in smaller towns and rural areas. NPCI is currently auditing the situation to prevent further spread of the attack.
Recent warnings from the RBI and Indian cybersecurity authorities have highlighted the increasing risk of cyber attacks against banks in India, as confirmed by sources within the banking industry.
The attack also affected Brontoo Technology Solutions, a key collaborator of C-Edge Technologies. According to a report by cyber-security firm CloudSEK a ransomware group called RansomEXX was responsible for the attacks.
India has about 1,500 cooperative and rural regional banks, which largely serve customers in hinterland areas, one-fifth of which were affected by the attack.
