UK Fintech company Finastra hit by a cyber attack

The financial technology firm Finastra announced it has suffered a ransomware attack that took down its some of its systems.

Finastra, the UK leading financial technology provider, announced that some of its servers were shut down in response to a ransomware attack that the company detected.

Finastra provides financial software and services to more than 9,000 customers worldwide, it has over 10,000 employees and $1.9 billion in revenues.

The company did not disclose details of the attack, it only announced to have detected an anomalous activity on its systems.

Cybersecurity blogger Brian Krebs reported that the company suffered a security breach that led to the disruption of some services. Krebs said the company’s response to the incident suggests that it was a ransomware attack.

“Earlier today, our teams learned of potentially anomalous activity on our systems. Upon learning of the situation, we engaged an independent, leading forensic firm to investigate the scope of the incident. Out of an abundance of caution and to safeguard our systems, we immediately acted to voluntarily take a number of our servers offline while we continue to investigate.” reads the data breach notification published by the company.

“At this time, we strongly believe that the incident was the result of a ransomware attack and do not have any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted.”

The company immediately started the activities to resolve the problem and launched an internal investigation. Finastra also engaged a leading forensic firm to investigate the extent of the incident. The company also informed the relevant authorities and impacted customers.

“Following Friday’s incident, and detection of potentially anomalous activity in our systems, we have successfully contained the threat. At this time, we do not have any evidence that customer or employee data was accessed or exfiltrated.” reads an update provided today. “Remediation work is continuing around the clock, and Finastra aims to restart production in a controlled manner as soon as is safe to do so. We will keep you fully informed as we progress.”

Experts from cyber-security firm Bad Packets speculate attackers might have exploited the CVE-2019-11510 vulnerability to compromise unpatched Pulse Secure VPN servers at the Fintech firm.

Bad Packets revealed that at least until January 11, 2020, four Citrix vulnerable servers were exposed online.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Finastra, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.