UK-based Fintech firm Finastra has reportedly taken some of its servers offline after discovering “potentially anomalous activity” on its computer systems.
To quote a statement from Finastra:
“During the period immediately prior to March 20th, 2020, the Finastra IT security and risk teams actively detected, through our own monitoring, that a bad-actor was attempting to introduce malware into our network in what appears to have been a common ransomware attack. Unfortunately, this type of malware and criminal activity is increasingly common in today’s environment and is targeted at companies across many sectors, not only those involved in technology.”
Finastra said that on Friday, March 20th, 2020, they made the decision that it was necessary to take their servers offline to secure their network and protect client data.
“We are in touch directly with any customers who may be impacted. Safeguarding our assets and those of our customers remains paramount.”
Finastra also sent a notice to its clients, which was reportedly seen by security specialist Brian Krebs. The Fintech firm has described the incident as a “potential security breach” and has cautioned users that it’s “anticipating some disruption to certain services, particularly in North America.”
At present, the company’s servers have gone offline, and it has also shut down some business offices based in London and Canada. Most of Finastra’s employees have been working from home because of the coronavirus (COVID-19) outbreak.
As reported by Krebs, Finastra’s management had, at first, not mentioned what may have caused the outage. However, they have now claimed it was most likely a malicious ransomware attack.
The company issued an update at 5:21 ET, noting:
“At this time, we strongly believe that the incident was the result of a ransomware attack and do not have any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted.”
The firm added:
“Our approach has been to temporarily disconnect from the internet the affected servers, both in the USA and elsewhere, while we work closely with our cybersecurity experts to inspect and ensure the integrity of each server in turn. Using this ‘isolation, investigation and containment’ approach will allow us to bring the servers back online as quickly as possible, with minimum disruption to service, however we are anticipating some disruption to certain services, particularly in North America, whilst we undertake this task. Our priority is ensuring the integrity of the servers before we bring them back online and protecting our customers and their data at this time.”
Finastra has stated they do not have any evidence that any customer or employee data was accessed or exfiltrated, nor do they believe their clients’ networks were impacted. Finastra said they are cooperating with the “relevant authorities” and are in touch directly with any customers who may be impacted as a result of disrupted service.
London-headquartered Finastra has offices in 42 countries. It generated over $2 billion in revenue during 2019. The firm has over 10,000 professionals on its payroll, and claims more than 9,000 customers, based in 130 countries. Its customers include almost all of the world’s 50 largest banks.