News

UPI Services Impacted As Ransomware Attack Hits A Tech Service Provider For Banks

UPI Services Impacted As Ransomware Hits Tech Service Provider
SUMMARY

NPCI said it has temporarily isolated C-Edge Technologies from accessing NPCI’s retail payment systems to prevent “larger impact” on the payments ecosystem

While there was no clarity on which banks were impacted, C-Edge’s website mentions Meghalaya Cooperative Apex Bank and Maharashtra Gramin Bank as its new clients

A ransomware attack involves a malware that encrypts files and denies access to the actual user, with hackers demanding a ransom in return

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

In a development that will have a direct bearing on Unified Payments Interface (UPI) payments, the National Payments Corporation of India (NPCI) has said that C-Edge, a technology service provider for banks, has potentially been hit by ransomware attack. 

“It has been brought to NPCI’s notice that C-Edge Technologies Ltd, a technology service provider who caters mostly to cooperative and regional rural banks, has been possibly impacted by a ransomware attack impacting a few of their systems,” the NPCI said in a statement on Wednesday (July 31).

A ransomware attack involves a malware software that encrypts files and denies access to the actual user. Generally, in such cases, cyberattackers demand a ransom from the victims in return for a decryption key to enable the latter to gain access to their servers and files. 

The payments body also said that it has temporarily isolated C-Edge Technologies from accessing the NPCI’s retail payment systems to prevent “larger impact” on the payments ecosystem. 

It also said that the customers of the banks (primarily cooperative and rural banks) serviced by C-Edge will not be able to make UPI payments during the unspecified “period of isolation”.

“Restoration work is underway on a war-footing along with C-Edge Technologies and necessary security review is in process. Connectivity to the affected banks shall be restored at the earliest,” added the NPCI.

While there was no clarity on which banks were impacted, C-Edge’s website mentions Meghalaya Cooperative Apex Bank and Maharashtra Gramin Bank as its new clients. 

For the uninitiated, C-Edge Technologies is a joint venture (JV) between Tata Consultancy Services (TCS) and State bank of India (SBI). It offers SaaS and technology solutions to financial services companies. 

The development comes at a time when ransomware attacks are on the rise against Indian companies and government organisations. As per a report, nearly 64% of surveyed Indian organisations faced such attacks in 2023, with average ransomware demands hovering around $4.8 Mn. The report also noted that the median ransom paid was around $2 Mn.

A separate Kaspersky reported that 2.35 Lakh ransomware incidents hit businesses in India in 2023.

In 2022, All India Institute of Medical Services (AIIMS) Delhi too was hit by a major ransomware attack which saw hackers reportedly demanding INR 200 Cr in cryptocurrencies to provide the decryption key.

The likes of IndusInd Bank, Taj Hotels and RailYatri have also suffered data breaches or major cyber attacks in the recent past.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

Recommended Stories for You