In a significant cybersecurity incident, a ransomware attack on C-Edge Technologies, a key technology service provider for small banks across India, has forced the temporary shutdown of payment systems for nearly 300 local financial institutions.
Sources familiar with the situation disclosed that the attack necessitated immediate action to isolate affected banks from the broader payment network, according to Reuters.
C-Edge Technologies did not respond to multiple requests for comment, and the Reserve Bank of India (RBI), the country's primary banking and payment systems regulator, also declined to provide a statement.
Late Wednesday, the National Payment Corporation of India (NPCI), which oversees payment systems in the country, issued a public advisory confirming that it had “temporarily isolated C-Edge Technologies from accessing the retail payments system operated by NPCI.”
The advisory noted that “customers of banks serviced by C-Edge will not be able to access payment systems during the period of isolation.”
The isolation is a precautionary measure aimed at preventing any broader impact on the nation’s payment infrastructure. According to officials from a regulatory authority, nearly 300 small banks, which predominantly operate outside major urban centres, have been cut off from the payment network. Despite the scale of the disruption, one source indicated that these banks account for only about 0.5% of the country's overall payment system volumes.
To assess the situation and mitigate further risks, the NPCI is currently conducting an audit. Additionally, both the RBI and Indian cyber authorities have previously issued warnings to financial institutions concerning potential cyber threats in recent weeks.