A ransomware attack has disrupted payment systems at nearly 300 small Indian local banks after targeting C-Edge Technologies, a company that provides banking technology systems to these banks, according to two sources with direct knowledge of the incident.
C-Edge Technologies did not reply to a request for comment sent via email. Similarly, the Reserve Bank of India (RBI), which regulates the country's banking and payment systems, did not respond to Reuters' request for comment.
The National Payment Corporation of India (NPCI), which oversees payment systems, issued a public advisory late on Wednesday, stating that it had "temporarily isolated C-Edge Technologies from accessing the retail payments system operated by NPCI." The advisory noted that during this isolation period, customers of banks serviced by C-Edge would not have access to payment systems.
To prevent the attack's spread, nearly 300 small banks have been disconnected from the broader national payment network, according to sources from a regulatory authority. These sources indicated that most affected banks are small, with the disruption impacting only about 0.5% of the country's payment system volume.
India has approximately 1,500 cooperative and regional banks, primarily operating outside major cities, and some of these banks have been affected by the attack. The NPCI is conducting an audit to ensure that the attack does not propagate further, the second source added.