A ransomware attack on a technology service provider has forced payment systems across nearly 300 small Indian local banks to shut down temporarily, according to two sources directly aware of the matter. The attack targeted C-Edge Technologies, a provider of banking technology systems to small banks across the country. C-Edge Technologies has not responded to an email seeking comment on the issue.
The Reserve Bank of India (RBI), which regulates the country's banking and payment systems, did not respond to Reuters' request for comment. The National Payment Corporation of India (NPCI), which oversees payment systems, issued a public advisory late on Wednesday stating that it had "temporarily isolated C-Edge Technologies from accessing the retail payments system operated by NPCI". Consequently, customers of banks serviced by C-Edge will not be able to access payment systems during the period of isolation.
Nearly 300 small banks have been isolated from the country’s broader payment network to prevent any wider impact, according to the sources, who are officials at a regulatory authority. "Most of these are small banks and only about 0.5 percent of the country’s payment system volumes would be impacted,” one of the sources said.
India has nearly 1,500 cooperative and regional banks, which mostly operate outside big cities. It is some of these banks that have been affected by the ransomware attack. NPCI is conducting an audit to ensure that the attack does not spread, the second source added.
The RBI and Indian cyber authorities have warned Indian banks about possible cyber attacks in the past few weeks, according to banking industry sources and the first source. This recent incident highlights the vulnerability of smaller banks to cyber threats and the importance of robust cybersecurity measures in the banking sector. The authorities are working to resolve the issue and restore normalcy as soon as possible, while also ensuring that similar attacks are prevented in the future.