The Unified Payments Interface (UPI) and Immediate Payment Service (IMPS) for 300 small and cooperative banks were disrupted on Wednesday following a ransomware attack on C-Edge Technologies, a technology service provider.

The National Payments Corporation of India (NPCI) reported that the affected banks were disconnected from the wider payment network to prevent a larger impact.

Incident Background

C-Edge Technologies, a joint venture between Tata Consultancy Services (TCS) and State Bank of India (SBI), was targeted in a ransomware attack, as stated on the company's website. This type of cyberattack involves unauthorized access to a system, where attackers encrypt data and demand a ransom for its decryption. To mitigate further risks, NPCI isolated C-Edge, which supports cooperative and regional rural banks, from the retail payment systems. Consequently, customers of the affected banks are unable to access payment services during this period.

Response and Restoration Efforts

NPCI is collaborating with C-Edge Technologies to restore services as swiftly as possible. In a post on X (formerly Twitter), NPCI mentioned that restoration efforts are underway on a "war footing." A comprehensive security review is being conducted to ensure system security before reconnecting to the payment network. Customers are advised to be patient and stay informed through updates from their banks and NPCI as restoration progresses.

Understanding Ransomware Attacks

A ransomware attack uses malware that encrypts files so that the legitimate user can no longer access them, and the attackers demand a ransom to restore access. Ransomware can be grouped into several types:

  • Crypto ransomware: Encrypts files and demands payment for the decryption key.
  • Locker ransomware: Locks the user's screen, preventing access to the device without paying a ransom.
  • Double extortion: A newer tactic that not only encrypts files but also threatens to leak sensitive data if the ransom is not paid.