The National Payments Corporation of India (NPCI) has successfully restored connectivity with C-Edge Technologies Ltd., following a significant ransomware attack that disrupted Unified Payments Interface (UPI) transactions earlier this week.
The attack, which was first reported on July 31, 2024, led to a temporary isolation of C-Edge Technologies from NPCI’s retail payment systems to mitigate potential risks to the broader payment ecosystem.
C-Edge Technologies, a crucial technology service provider primarily serving cooperative and regional rural banks, experienced a ransomware incident that affected some of its systems.
Ransomware is malicious software that encrypts files, rendering them inaccessible until a ransom is paid.
This incident led to a halt in UPI payments for customers of the affected banks, causing considerable inconvenience.
NPCI’s Response and Actions Taken
In response to the attack, NPCI took immediate action by isolating C-Edge Technologies to prevent further spread of the ransomware and safeguard the integrity of the payment systems.
During this period, customers of banks served by C-Edge Technologies were unable to access payment systems, which significantly impacted the ability to perform UPI transactions.
An independent forensic auditing firm was engaged to conduct a comprehensive security review of the affected systems.
The investigation confirmed that the ransomware’s impact was confined to C-Edge’s own data center infrastructure and did not extend to the cooperative or regional rural banks’ internal systems.
Restoration of Services
As a result, the services of these banks, which had been disrupted, have now been fully restored.
NPCI’s prompt action and the subsequent security review have ensured that the rest of the infrastructure remains secure.
The forensic auditor’s report confirmed that the necessary scans and security measures were implemented to clean and secure the systems, allowing NPCI to re-establish connectivity.
The restoration of services means that customers of cooperative and regional rural banks, which rely on C-Edge Technologies for their technology needs, can now resume their usual banking activities, including UPI transactions, without further disruption.
Cybersecurity Concerns and Trends
This incident underscores a growing concern about cybersecurity in India, where ransomware attacks have become increasingly frequent.
According to recent reports, nearly 64% of Indian organizations encountered ransomware attacks in 2023, with an average ransom demand of around $4.8 million.
Additionally, Kaspersky’s data indicates that Indian businesses experienced approximately 2.35 Lakh ransomware incidents last year.
The attack on C-Edge Technologies follows other notable cyber incidents in India, such as the 2022 attack on AIIMS Delhi and data breaches affecting IndusInd Bank and Taj Hotels.
These events highlight the urgent need for robust cybersecurity measures to protect critical infrastructure and financial systems.
About NPCI
The National Payments Corporation of India (NPCI), established in 2008, is a key organization managing retail payment and settlement systems in India.
NPCI has revolutionized payments in the country through various products, including RuPay cards, IMPS, UPI, BHIM, AePS, NETC, and Bharat BillPay.
Its mission is to drive innovations in digital payments, enhancing security, accessibility, and cost-efficiency to support India’s goal of becoming a fully digital society.