UK Fintech company Finastra hit by a cyber attack

The financial technology firm Finastra announced it has suffered a ransomware attack that took down its some of its systems.

Finastra, the UK leading financial technology provider, announced that some of its servers were shut down in response to a ransomware attack that the company detected.

Finastra provides financial software and services to more than 9,000 customers worldwide, it has over 10,000 employees and $1.9 billion in revenues.

The company did not disclose details of the attack, it only announced to have detected an anomalous activity on its systems.

Cybersecurity blogger Brian Krebs reported that the company suffered a security breach that led to the disruption of some services. Krebs said the company’s response to the incident suggests that it was a ransomware attack.

“Earlier today, our teams learned of potentially anomalous activity on our systems. Upon learning of the situation, we engaged an independent, leading forensic firm to investigate the scope of the incident. Out of an abundance of caution and to safeguard our systems, we immediately acted to voluntarily take a number of our servers offline while we continue to investigate.” reads the data breach notification published by the company.

“At this time, we strongly believe that the incident was the result of a ransomware attack and do not have any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted.”

The company immediately started the activities to resolve the problem and launched an internal investigation. Finastra also engaged a leading forensic firm to investigate the extent of the incident. The company also informed the relevant authorities and impacted customers.

“Following Friday’s incident, and detection of potentially anomalous activity in our systems, we have successfully contained the threat. At this time, we do not have any evidence that customer or employee data was accessed or exfiltrated.” reads an update provided today. “Remediation work is continuing around the clock, and Finastra aims to restart production in a controlled manner as soon as is safe to do so. We will keep you fully informed as we progress.”

Experts from cyber-security firm Bad Packets speculate attackers might have exploited the CVE-2019-11510 vulnerability to compromise unpatched Pulse Secure VPN servers at the Fintech firm. 

Bad Packets revealed that at least until January 11, 2020, four Citrix vulnerable servers were exposed online.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Finastra, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]