Customers of several small-sized banks affected as tech provider C-Edge suffers ransomware attack

Customers of around 300 small-sized lenders across the country have not been able to access payments services like withdrawing cash at ATMs or using UPI due to a ransomware attack at technology service provider C-Edge Technologies.

The impact was felt by customers of cooperative banks and regional rural banks which depend on C-Edge, a joint venture between SBI and TCS, officials said, adding that other banking services were functioning normally.

The issues are being faced for the last two days after the discovery of a breach of the system at C-Edge, they said, adding that necessary precautions, starting with isolating the C-Edge system, had to be taken to protect the larger payments system.

There has, however, not been any report of financial loss because of the breach, they said.

“C-Edge Technologies has been possibly impacted by a ransomware attack impacting a few of their systems,” the National Payments Corporation of India (NPCI) said, in a late evening statement, adding that it had to temporarily isolate C-Edge from accessing the retail payment systems operated by NPCI.

Restoration is being undertaken on a war footing along with C-Edge Technologies and a necessary security review is in process, it added.

Meanwhile, a senior industry official said a ransomware has been found in the system and isolated, following which a third party audit was conducted. If all goes to plan, the system should be running by Thursday morning or afternoon, he added.

The impacted banks account for less than 1% of the overall payment system volume in the country, the official stressed.

National Cooperative Union of India Chairman Dileep Sanghani said nearly 300 banks in India, including 17 district cooperative banks in his home state of Gujarat, that use C-Edge have been experiencing issues for the last two-three days.

“All online transactions, such as RTGS and UPI payments, are affected. Money is deducted from the sender's account but does not get credited in the receiver's account," said Sanghani, Chairman of Amreli District Central Cooperative Bank.

He said banks have been suffering since July 29, and the software company’s officials are calling it a technical fault.

No one from C-Edge was immediately available for a comment. 

“The solutions and services provided by us have a strong domain and technology focus that assists all our clients to maximise the value of their IT spend, reduce transaction costs and enhance customer satisfaction,” the company's website said.