Which ransomware crippled 300 Indian banks?
A significant ransomware attack has disrupted the operations of nearly 300 Indian banks, mainly affecting rural and cooperative institutions. The cyberattack targeted C-Edge Technologies, a primary provider of banking solutions for these entities, leading to significant outages in payment systems. C-Edge Technologies is a joint venture between Tata Consultancy Services (TCS) and the State Bank of India (SBI). This incident has raised serious concerns about the cybersecurity practices in place for rural banking infrastructure.
NPCI's response and impact on payment services
The National Payments Corporation of India (NPCI) responded swiftly to the attack by temporarily severing C-Edge Technologies' access to its retail payment network. This precautionary measure was taken to stop the potential spread of the cyber threat. As a result, customers of the impacted banks found themselves unable to use payment services, including ATM withdrawals and UPI transactions.
Regulatory authorities conduct audits post-cyberattack
Regulatory authorities have started conducting comprehensive audits to evaluate the extent of the attack and prevent further issues. The NPCI has issued an advisory stating that banks affected by the disconnection will face payment service interruptions during this isolation period. This measure is designed to protect the country's overall payment infrastructure.
Extent of disruption and ongoing risk management
Officials have revealed that while nearly 300 banks have been cut off from the network, these banking institutions represent a minor segment of about 0.5% of India's total payment system volumes. To manage the situation and prevent further risks, the NPCI is currently performing an audit. Both the Reserve Bank of India (RBI) and cyber authorities had previously alerted financial institutions to the possibility of cyberattacks in recent weeks.
Which ransomware was used?
Determining the specific ransomware used in a particular attack can be challenging and often requires in-depth forensic analysis by cybersecurity experts. As of now, none of the authorities have disclosed the ransomware variant. In the Indian context, LockBit was the most commonly seen variant, followed by Makop and DJVU/Stop ransomware, according to a 2022 CERT-In report. Many new variants were also observed in 2022, such as Vice Society and BlueSky. Other notorious ransomware families include WannaCry, Locky, Ryuk, and REvil.