Business Continuity Management / Disaster Recovery , Fraud Management & Cybercrime , Ransomware

Fintech Firm Finastra Recovering From Ransomware Attack

Attackers Targeted Corporate Network, Forcing Company to Shut Down IT Operations
Fintech Firm Finastra Recovering From Ransomware Attack

Finastra, a large financial services software provider based in London, continues to recover from a ransomware attack that forced the company to take its IT operations offline Friday to prevent further damage to its corporate network, according to the company's CEO.

See Also: OnDemand | How to Use Data Threat Analytics to Fight Ransomware

Finastra, founded in 2017, is one of the world's largest fintech firms, reporting revenue of $1.9 billion in 2019. Its software is used by some of the world's largest banks, according to the company’s website. It has offices in 42 countries with 10,000 employees, and it serves over 9,000 customers.

Finastra sells cloud-based and on-premises financial software, including mobile banking tools, to financial institutions, investment firms and retail outlets.

Ransomware Attack

CEO Tom Kilroy, who has posted a series of notices on the company’s website, on Monday noted that Finastra was still working to "restore full IT operations. As mentioned previously, our solutions each have their own nuanced processes to move from being available to operationally live, and we are working closely with impacted customers to move through these essential steps securely."

The ransomware attack. which started on Friday, forced Finastra to take its servers offline to prevent the malware from spreading further within its network, according to the online update. Kilroy did not offer details about the type of ransomware used in the attack on the company's infrastructure, but he noted that no customer or employee data apparently was inappropriately accessed or exfiltrated.

Kilroy also noted that any clients running their own software on Finastra's network were not affected. The company is working with U.K. law enforcement officials as well as security firms to investigate the incident.

The CEO didn't identify the ransomware strain or provide details about the ransom demanded by the threat actor, but he noted that no customer or employee data was accessed or exfiltrated by the threat actor. The company did not immediately respond to a request for comment.

Vulnerable VPNs?

Chicago-based threat intelligence firm Bad Packets noted in September 2019 that Finastra was one of several companies that were still using unpatched Citrix gateway servers that had known vulnerabilities that were being exploited by attackers (see: Patch or Perish: VPN Servers Hit by Ransomware Attackers).

In October 2019, the U.S. Cybersecurity and Infrastructure Security Agency issued a warning that organizations needed to patch their VPN vulnerabilities, noting that advanced persistent groups were beginning to target these flaws.

When London-based foreign currency exchange firm Travelex was hit with a ransomware attack in January that crippled its operations, ComputerWeekly reported that the company was using Pulse Secure VPN servers that were not patched (see: Currency Exchange Travelex Held Hostage by Ransomware Attack).

According to a BBC report, the Sodinokibi ransomware gang, which also goes by the name REvil, claimed to have accessed Travelex's network six months before the January attack and had downloaded and encrypted about 5 GB of sensitive customer data, including dates of birth as well as payment and credit card data.

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.