BridgePay payments system knocked offline by ransomware attack

(Image credit: Future)

BridgePay hit by ransomware attack, forcing payment gateway services offline across the US
Company says no payment card data compromised; investigation ongoing with forensic teams including US Secret Service
Outage disrupted merchants nationwide, impacting APIs, virtual terminals, and forcing many to accept cash only

BridgePay, a major US payment gateway, suffered a ransomware attack late last week that knocked its services offline and caused problems for services across the country.

On a dedicated incident response page, BridgePay said on Friday that the outage it was experiencing, which forced its systems temporarily offline, was the result of a ransomware attack.

To contain and mitigate the threat, the company brought in specialized forensic and recovery teams, including the US Secret Service forensic team.

“Initial forensic findings indicate that no payment card data has been compromised, and any files that may have been accessed were encrypted,” the notification reads. “At this time, there is no evidence of usable data exposure.”

The newest update, posted on Sunday afternoon, said the investigation, as well as remediation efforts, were still ongoing.

So far, we don’t know who the threat actors are, or how they broke in. Usually, cybercriminals would either exploit a vulnerability in network-connected devices, or obtain login credentials through social engineering and phishing.

Also, the crooks would exfiltrate sensitive data from compromised systems, as leverage during the negotiation process. They would usually demand payment in Bitcoin, in exchange for deleting the data. For victims that don’t comply, their data ends up on the dark web.

The effects of the attack are felt throughout industries. BleepingComputer reports that many US merchants and organizations were forced to accept only cash. Multiple services were affected, including BridgePay Gateway API (BridgeComm), PayGuardian Cloud API, MyBridgePay virtual terminal and reporting, and many others.

Via BleepingComputer

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News andadd us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Which countries are best-placed to resist state-supported cyber-attacks? A government advisor explains

Hacked, leaked, exposed: Why you should never use stalkerware apps

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

Hackers Deliver Global Group Ransomware Offline via Phishing Emails

Black Basta Bundles BYOVD With Ransomware Payload