TAG: GS 3: SCIENCE AND TECHNOLOGY, GS 3: ECONOMY
THE CONTEXT: On July 31, the National Payments Corporation of India (NPCI) reported a significant cybersecurity incident affecting C-Edge Technologies Ltd., a technology service provider predominantly serving cooperative and regional rural banks (RRBs) across India.
EXPLANATION:
- The Mumbai-based company is a key player in the digital infrastructure supporting these banks.
- It was “possibly” hit by a ransomware attack, leading to substantial disruptions in the financial operations of the affected banks.
Immediate Actions Taken by NPCI
- In response to the attack, NPCI took swift action by temporarily suspending all retail payment services in the impacted banks.
- This suspension includes critical services such as Unified Payments Interface (UPI) and Aadhaar-enabled Payment Systems (AePS).
- The decision to halt these services was a precautionary measure to prevent further damage and to contain the spread of the attack.
Scope and Impact of the Attack
- The ransomware attack has primarily affected smaller cooperative banks and RRBs.
- It is estimated that approximately 200 banks associated with C-Edge Technologies Ltd. have experienced disruptions in their digital payment services.
- An official from a State Bank of India (SBI)-sponsored regional rural bank confirmed the widespread impact, noting that the issue was first reported to authorities on July 29.
- While the official emphasized that cash operations remain unaffected, the outage in NPCI services, particularly UPI and AePS, has caused significant inconvenience to customers who rely on these digital payment methods.
Differentiated Impact on RRBs
- It is important to note that not all RRBs have been equally affected.
- Some RRBs, depending on their affiliations with different sponsor banks, utilize alternative technology service providers.
- As a result, these banks have continued their operations as usual, unaffected by the breach at C-Edge Technologies Ltd.
- This variability in service provider dependency has created a patchwork effect, where some rural regions are facing severe disruptions while others remain operational.
Expected Restoration and Containment Efforts
- Authorities and technical teams are actively working to resolve the issue.
- NPCI has expressed hope that the problem will be contained and services restored by the following day.
- This optimistic timeline underscores the urgency with which the NPCI and affected banks are addressing the ransomware attack.
- The primary focus is on isolating the infected systems, restoring normal operations, and ensuring that customers regain access to essential digital payment services as quickly as possible.
Broader Implications and Concerns
- This incident highlights the vulnerability of smaller financial institutions, particularly those in rural areas, to cyberattacks.
- The reliance on a single technology service provider like C-Edge Technologies Ltd. for critical banking infrastructure has exposed systemic risks.
- The attack also raises concerns about the preparedness and resilience of cooperative banks and RRBs in facing sophisticated cyber threats.
- While the immediate focus is on recovery, this event may prompt a broader reassessment of cybersecurity measures and contingency planning across India’s financial sector.
RRBs (Regional Rural Banks)
- RRBs are financial institutions which ensure adequate credit for agriculture and other rural sectors.
- Regional Rural Banks were set up based on the recommendations of the Narasimham Working Group (1975), and after the legislations of the Regional Rural Banks Act, 1976. The first Regional Rural Bank “Prathama Grameen Bank” was set up in 1975.
- The equity of a regional rural bank is held by the Central Government, concerned State Government and the Sponsor Bank in the proportion of 50:15:35
- Regional Rural Banks (RRB) are Indian Scheduled Commercial Banks (Government Banks) operating at regional level in different states of India.
- They have been created with a view of serving primarily the rural areas of India with basic banking and financial services.
- However, RRBs may have branches set up for urban operations and their area of operation may include urban area too.
- The area of operation of RRBs is limited to the area as notified by Government of India covering one or more districts in the State. RRBs perform various functions in following heads:
- They Carry out government operations like disbursement of wages of MGNREGA workers, distribution of pension etc.
- They provide Para-Banking facilities like locker facilities, debit and credit cards, mobile banking, internet banking, UPI etc.
What is Ransomware?
- Ransomware is a type of malware attack in which the attacker locks and encrypts the victim’s data, important files and then demands a payment to unlock and decrypt the data.
- This type of attack takes advantage of human, system, network, and software vulnerabilities to infect the victim’s device, which can be a computer, printer, smartphone, wearable, point-of-sale (POS)terminal, or other endpoint.
- Ransomware is typically spread through spear phishing emails that contain malicious attachments in the form of archived content files.
- Other methods used to infect devices include drive-by-download, a cyber-attack that unintentionally downloads malicious code onto a device, and specially crafted web links in emails, clicking on which downloads malicious code.
- The ransomware reportedly also spreads through insecure Remote Desktop connections.
Ransomware Attack Examples
- WannaCry
- WannaCry is an encrypting ransomware that exploits a vulnerability in the Windows SMB protocol and has a self-propagation mechanism that lets it infect other machines.
- WannaCry is packaged as a dropper, a self-contained program that extracts the encryption/decryption application, files containing encryption keys, and the Tor communication program.
- Cerber
- Cerber is ransomware-as-a-service (RaaS) and is available for use by cybercriminals, who carry out attacks and spread their loot with the malware developer.
- Cerber runs silently while it is encrypting files and may try to prevent antivirus and Windows security features from running to prevent users from restoring the system.
- NotPetya and Petya
- Petya is ransomware that infects a machine and encrypts an entire hard drive by accessing the Master File Table (MFT).
- This makes the entire disk inaccessible, although the actual files are not encrypted. Petya was first seen in 2016 and was spread mainly through a fake job application message linking to an infected file stored in Dropbox. It only affected Windows computers.
- Petya requires the user to agree to give it permission to make admin-level changes. After the user agrees, it reboots the computer, and shows a fake system crash screen while it starts encrypting the disk behind the scenes. It then shows the ransom notice.