Finastra, a company focused on providing a range of financial technology solutions to banks across the world, announced they were shutting down critical systems. The reason for taking drastic action was a response to a security breach. The public statement released by the company warned customers and the public, but it didn't mention the cause of the outage.
The company has offices present in over 42 countries, with more than $2 billion in reported revenues over 2019. The company has more than 10 thousand employees and over 9000 customers in 130 countries. They have nearly every single bank in the top 50 global banks as their customers.
Soon after the breach happened, US financial institutions forwarded a notice received from Finastra, mentioning the outage was expected to disrupt services, specifically those in North America. The company warning mentioned that they wish to inform their customers of a potential security breach being investigated. Finastra stated they are taking 'quick and strict remedial action' to isolate and investigate the matter. They also called the act an anomalous activity on their network, one that risked the integrity of their data centers.
A ransomware infection was the cause behind the outage
Finastra followed that up with an update, mentioning they were fighting a ransomware infection of their systems. The company mentioned there was no evidence of data exfiltration or any impact on their clients and employee data. They disconnected their servers from the internet, both in the US and elsewhere, then went in to secure the integrity of each server and to investigate the damage.
Finastra's Chief Operating Officer Tom Kilroy said they have an industry-standard security program working, plus the company is working on a review of their systems to ensure their data is safe and secure. Finastra is working together with the authorities and keeping in touch with customers impacted by the disruption in service, he added.
The company acknowledges the incident and released a notice on its website, one that mentions the incident as detection of anomalous activity, instead of a full breach of security. In the past, ransomware attacks were considered isolated extortion attempts, but now they have graduated into full-on data breaches for companies who fall victim. More and more ransomware-focused cybercriminals are working in the world to steal information and to launch their ransomware inside targeted businesses. Sometimes that data is published online to push companies to pay up, with mixed results, most often it ends up sold on the dark web.
The majority of Finastra employees are working from home, according to a company statement. The company mentioned it was the answer to the ongoing pandemic and not the incident.