
Attack that impacted 300 banks attributed to RansomEXX Group: CloudSEK


The ransomware attack that crippled about 300 Indian banks is being attributed to the RansomEXX Group, according to an investigation by cybercrime monitoring firm CloudSEK.

“This group operates as part of a broader trend where ransomware developers continuously evolve their malware to bypass security defenses and maximize their impact,” CloudSEK’s report noted. In the past, RansomEXX has targeted a range of high-profile organizations across sectors including government agencies, healthcare providers, and multinational corporations. Its past victims include Telecommunications Services of Trinidad and Tobago, Ministry of Defense of Peru, Kenya Airways, and Ferrari.

To be sure, the National Payments Corporation of India (NPCI) issued a notice on Wednesday which said that C-Edge Technologies Ltd, a technology service provider that mainly serves cooperative and regional rural banks, had been struck by a ransomware attack. Customers of the impacted banks were temporarily unable to access services such as cash withdrawal and UPI. At the time, NPCI disclosed that it had temporarily isolated C-Edge Technologies from accessing the retail payment systems it operates.


The breach at C-Edge, which is a joint venture between SBI and TCS, was discovered two days prior to when the issues started surfacing. The impacted entity in this attack was Brontoo Technology Solutions, a key collaborator with C-Edge. As per the report filed by Brontoo with the Indian Computer Emergency Response Team (CERT-In), the attack happened due to a misconfigured Jenkins server. Jenkins is an open-source automation server.

“Transaction security is an ongoing battle where complete protection may be unattainable, but constant preparedness is non-negotiable. Technology service providers and banks need to significantly ramp up investments in new-age technologies to address these challenges effectively,” said Deepak Chand Thakur, Co-founder and CEO, NPST. “By employing AI and ML algorithms, financial institutions can greatly enhance their fraud detection capabilities. These technologies can flag deviations from normal transaction patterns, enabling proactive identification and mitigation of potential threats.”

In its recently launched Report on Currency and Finance 2023-24, the Reserve Bank of India cautioned about cybersecurity risks due to the increase in digitisation, which could further hamper financial stability, while also acknowledging benefits like competition enhancement, cost reduction, and accessibility.
