Amidst lockdown due to the global pandemic, UK-based firm Finastra has suffered a ransomware attack. The fintech company halted its services following the attack, whilst pledging to be back online soon.
Finastra Discloses Ransomware Attack
Reportedly, the London-based financial technology firm Finastra has revealed a ransomware attack on its systems. Sharing the details in a security notice, the CEO, Tom Kilroym stated that they noticed some potentially anomalous activity on their systems. Digging further into the matter revealed a ransomware attack.
At this time, we strongly believe that the incident was the result of a ransomware attack.
Following the attack, the company took down their services as a precaution. Though, since the news was not disclosed initially, it caused panic as the services suddenly went offline. However, they now have clarified the matter.
Out of an abundance of caution and to safeguard our systems, we immediately acted to voluntarily take a number of our servers offline while we continue to investigate.
The company disclosed the matter on March 20, 2020. And the following day, they confirmed containment of the threat.
Following Friday’s incident, and detection of potentially anomalous activity in our systems, we have successfully contained the threat.
At present, they assure that the attack did not affect their clients’ network and the employee or customer data also remained safe during the incident.
Upon detecting the security breach, Finastra began investigations involving a forensic firm. They also said they are conducting a system review to ensure the safety of their employee or customer data.
While their services are presently offline, they have pledged to be back online soon as their staff is working diligently for remediation.
Remediation work is continuing around the clock, and Finastra aims to restart production in a controlled manner as soon as is safe to do so.
Apart from this formal disclosure, Finastra CEO hasn’t shared anything regarding how the incident happened, what kind of ransomware did they come across, and for how long it remained active. Yet, Bad Packets’ tweets hint that the company used to run outdated Citrix servers earlier this year and outdated Pulse Secure VPN servers in 2019, both of which have established vulnerabilities. Perpetrators even targeted vulnerable Citrix servers with Ragnarok ransomware.