Skip to content

NPCI re-establishes connection with C-Edge after ransomware attack

  • by
  • 2 min read

The National Payments Corporation of India (NPCI) has restored its connection with C-Edge Technologies Ltd. after a ransomware attack on the company disrupted more than 300 small banks in India.

NPCI, after conducting an audit, confirmed that the affected systems were successfully quarantined and deemed the remaining infrastructure secure.

As a result, the impacted banks can now resume offering their complete array of services without disruption.

“NPCI connectivity with C-Edge Technologies Ltd. has been re-established following a security review by an independent forensic auditing firm. Investigation confirms that the impacted systems have been isolated by C-Edge to contain the potential spread of the ransomware,” NPCI said. “Further, necessary security review and scans have been conducted by the auditor to ensure that the rest of the infrastructure is clean.”

The ransomware incident reported on July 29 caused significant disruptions to the Unified Payment Interface (UPI) and Aadhaar-enabled payment systems (AePS), key rural digital banking infrastructure components.

As a precautionary measure, NPCI isolated C-Edge from accessing the payment system, resulting in customer service outages.

Photo: Arnav Pratap Singh / Shutterstock.com
India should take a cue from this incident and upgrade its banking infrastructure. | Photo: Arnav Pratap Singh / Shutterstock.com

NPCI further confirmed that the attack was limited to the C-Edge systems and had not affected bank data.

“The impact was limited to C-Edge systems hosted in their data centre and not on any of the cooperative banks or regional rural banks’ infrastructure. The services of co-operative banks and regional rural banks, dependent on C-Edge, have now been restored,” NPCI continued.

Despite this recovery, the incident underscored the vulnerability of India’s digital banking infrastructure. Due to inadequate cyber awareness among banking customers, the Reserve Bank of India (RBI) came out with a draft ‘Framework on Authentication Mechanisms for Digital Payment Transactions’, mulling the idea of an Additional Factor of Authentication (AFA).

As India expands its digital banking capabilities, the digital infrastructure should be upgraded, and the necessary expertise should be hired.

Banks, bank supervisory bodies like RBI, and payment controllers like NPCI should assess the cyber security situation and prepare accordingly.

In the News: Intel extends warranty for 13th and 14th-gen CPUs by two years

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

>