Bank tech vendor Finastra hit with ransomware attack

Register now

Finastra, a bank technology company in London that has more than 9,000 customers, including 90 of the top 100 global banks, was working Monday to bring servers back online that were hit by a ransomware attack late last week.

Some U.S. bank customers are affected by the incident, which occurred Friday. The company says it took some of its servers offline while it investigated the incident.

“As we bring our servers back online, we are working closely with [U.S. customers] to ensure they are operationally live,” a Finastra spokesperson said Monday morning.

Most Finastra customers contacted for this story did not respond. However, several banks posted notices on their websites saying some of their services were down and that they were working with their vendor to restore them. One Finastra customer, the $2.9 billion-asset Southern Bank and Trust in Mount Olive, N.C., said that its mobile deposit function is temporarily unavailable and it is working with its technology partner to restore access.

Meanwhile, the $1.3 billion-asset State Bank of Southern Utah in Cedar City, which according to Finastra's website uses Fusion software for account opening and loan origination, seemed to be up and running.

Many U.S. bank customers of Finastra are users of the Fusion Phoenix core system from Misys or payment or mortgage software from D+H. Misys and D+H were merged to form Finastra in 2017. Others are customers of the mobile banking software provider Malauzai, which Finastra acquired in 2008.

For a bank, an outage in a core banking system — the software that handles all daily transactions — can be crippling. The Fusion Phoenix core system has been around for decades and is, technologically speaking, the beating heart for many banks. A shutdown in mobile banking is also devastating, especially during the coronavirus outbreak when banks are shutting down branches and encouraging people to connect over mobile and online banking.

Finastra did not offer a timeline for when its customers' services would be up and running.

“Because our solutions each have their own nuanced processes to move from being available to operationally live, each of our products will be back once readiness steps are completed,” Chief Operating Officer Tom Kilroy in a statement posted Sunday night on the Finastra website.

The company does not think any customer or employee data was accessed or removed, nor that any clients’ networks were harmed, Kilroy said. Customers running Finastra software in their own environments were not affected, according to Kilroy. Finastra brought in an independent cybersecurity firm to assist in investigating, containing and eliminating the threat, he said.

The company has not said how the intrusion occurred or whether it has paid ransom to the attackers.

Al Pascual, a longtime security analyst who is the COO of Breach Clarity, said he is worried about what happens to the source code in an attack of this nature.

“If someone gets ahold of that source code, they may not find a vulnerability right away, but in time, they certainly could,” he said.

Finastra “is going to have to be very transparent about what was taken,” Pascual said. “Banks and credit unions are going to have regulators come in and want to understand the extent of what really happened, and they're going to have to open everything up.”

There will be more incidents like this in the next few months, Pascual warned, as hackers take advantage of the disruption caused by COVID-19.

“I would say this is a canary in a coal mine,” he said. “These aren't going to go away.”

For reprint and licensing requests for this article, click here.
Cyber security Cyber attacks Core systems Cloud computing Ransomware Cloud computing