India's small banks have been hit by a ransomware attack, forcing nearly 300 lenders offline, Reuters reported. The attack involved C-Edge Technologies, a key provider of banking technology. This unprecedented event has reportedly isolated these banks from the broader payment network, significantly impacting their ability to process transactions.
A Widespread Impact
The attack primarily affected C-Edge Technologies, which supplies banking technology to many of India's small banks. Now disconnected from the National Payment Corporation of India (NPCI) system, these banks were unable to process payments .
In response, the NPCI issued a public advisory on Wednesday, stating that it had briefly isolated C-Edge Technologies from accessing the retail payments system operated by NPCI. This step aims to contain the attack and prevent its spread to other parts of the payment network.
Despite the disruption, the overall impact on India's payment system remains minimal. According to regulatory officials, the affected banks constitute only about 0.5% of the country's payment system volumes. India has around 1,500 cooperative and regional banks, most of which operate outside major cities. The affected institutions are a small subset of these.
Ongoing Security Audits
The NPCI is conducting a thorough audit to ensure the ransomware does not spread further. This proactive step aims to safeguard the integrity of the broader payment system. In recent weeks, the Reserve Bank of India (RBI) and Indian cyber authorities have already warned banks about the increasing risk of cyberattacks.
Both C-Edge Technologies and the Reserve Bank of India have remained silent on the issue and have not responded to requests for comments. This lack of communication has left many unanswered questions, heightening the urgency and concern among the affected banks and their customers.
Interestingly, the financial industry has lost $12 billion in the last 20 years due to over 20,000 cases of cyberattacks, the International Monetary Fund reported in April. This emerging trend in cybersecurity is reportedly due to a surge in digitalization and geopolitical tensions.
Since the COVID-19 pandemic, the number of cyberattacks experienced by financial firms has doubled. The direct losses affecting companies in the sector have also jumped, more than quadrupling since 2017 to $2.5 billion.