Small Indian banks back online after ransomware attack

A forensic audit firm carried out an extensive security review, concluding that the ransomware attack did not breach the individual systems of the banks but was confined to the systems of C-Edge Technologies.

Nearly 300 small Indian banks that were forced offline by a ransomware attack have resumed operations, according to the National Payments Corporation of India (NPCI). The attack had targeted C-Edge Technologies, a service provider for these banks, affecting about one-fifth of 1,500 cooperative and rural regional banks in India.

To contain the attack, the NPCI had temporarily isolated the affected banks from the country’s retail payments system. A forensic audit confirmed that the attack did not spread to the banks’ systems but was limited to C-Edge’s infrastructure.

The impacted banks can now resume transactions through the Unified Payments Interface and other NPCI-operated payment systems. The ransomware attack, attributed to a group called RansomEXX, also affected Brontoo Technology Solutions, a key collaborator with C-Edge Technologies.