Indian fintech C-Edge hit by ransomware, disrupts 300 small banks

C-Edge Technologies Ltd., a service provider to co-operative and regional rural banks in India, has reportedly been hit by a ransomware attack. The attack has been attributed to the RansomEXX gang.

The initial breach occurred through a misconfigured Jenkins server at Brontoo Technology Solutions, exploiting a known vulnerability (CVE-2024-23897).

C-Edge Technologies Ltd. is a technology service provider specializing in banking and finance solutions. The company is a joint venture between Tata Consultancy Services Ltd. (TCS) and State Bank of India (SBI) and offers core banking solutions, digital payment systems, and compliance solutions, operating on a Software as a Service (SaaS) model.

The National Payments Corporation of India (NPCI) issued a statement on July 31 confirming the incident. NPCI has temporarily suspended all retail payments for the affected banks as a precaution.

Since the ransomware attack has led to the isolation of C-Edge from NPCI-operated retail payment systems, it's affecting services such as UPI and AePS. Approximately 300 small banks, including 200 co-operative banks and regional rural banks (RRBs), have been impacted, disrupting online transactions where money is deducted but not credited to the receiver’s account. However, other banking services such as cash withdrawals are reportedly functioning normally.

The attack may have caused a data breach of customer transaction data (RTGS and UPI payments), but no details are disclosed about specific data or number of affected individuals.

The NPCI is working with C-Edge Technologies to restore the affected systems and conduct a comprehensive security review. The Reserve Bank of India (RBI) has not commented on the incident.