Fintech company Finastra hit by ransomware

Image: Adam Nowakowski, Finastra, ZDNet

Finastra, a London-based company that provides financial software and adjacent services to the world’s banking sector, has disclosed a security incident today.

In a statement posted on its website, the fintech giant said it was infected with a ransomware strain. The UK company said it discovered the intrusion into its systems after staff detected what they described as “potentially anomalous activity.”

“Out of an abundance of caution, we immediately acted to take a number of our servers offline while we continue to investigate,” Tom Kilroy, the company’s Chief Operating Officer, said in a public statement.

Notifications were also sent to the company’s customers and employees who were directly impacted by the server shutdowns. In calls with customers, the company promised to have all impacted servers up and running by Monday morning.

Once the security breach became public knowledge earlier today, security researchers were quick to point out Finastra’s less-than-stellar security posture.

Threat intel firm Bad Packets said that its internet-wide scans had discovered last year that the fintech company had run unpatched servers for a long time, leaving its systems exposed to attacks.

According to Bad Packets, Finastra ran outdated Pulse Secure VPN servers last year, and also ran outdated Citrix servers earlier this year.

Both server technologies had been plagued by severe vulnerabilities that have been mass-exploited by hackers over the past months — including by both ransomware gangs and state-sponsored groups [1, 2].

At the time of writing, Finastra has declined to share details about what happened on its systems, citing an ongoing investigation; however, the company said that it did not find “any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted.”

Updated at 7:10pm ET with new information from the Finastra press release, after the company publicly admitted that the incident was a ransomware attack.
