A ransomware attack that hit London-based financial services software provider Finastra late last week continues to reverberate, with end-users telling Computer Business Review that millions of dollars in financial transfers failed to arrive on time.
CEO Simon Paris apologised to customers this week for issues with missing financial wire transfers, after Finastra – the world’s third-largest fintech, with a sweeping global customer base – was forced to pull servers offline. The company is now working overtime to try to restore services, and process transactions lost in the attack.
Paris said: “We believe the attack came deliberately whilst we focused on moving the majority of our global workforce, including several thousand of our colleagues in the Americas, to safer work from home processes in light of COVID-19.”
He added: “The cyberattack… led us to take significant counter-measures to protect our customers, their data, and the integrity of our hosted systems and applications. We believe the attack came deliberately whilst we focused on moving the majority of our global workforce, including several thousand of our colleagues in the Americas, to safer work from home processes in light of COVID-19.”
Emails from affected customers suggest that Finastra is working overtime to ensure missing transactions arrive. One affected was Tim Hand, a retired banking veteran who spent over 30 years in the business, including as a Chief Operating Officer.
He told Computer Business Review that the proceeds from his house sale in the US had “vanished in cyberspace” as a result of the incident.
He said: “The bank I am using has a link to the British firm [Finastra] that does the wires; they have an online portal they use to initiate the wires. Sometime last Thursday things just started to disappear, some wires got issued; some cases – properly initiated – have resulted in funds apparently just stuck in cyberspace. I appreciate that many banks are running with very short staff right now, but I am yet to receive an explanation from anyone. I may have to resort to legal action.”
[UPDATED: Within minutes of us publising this report, Mr Hand told us that his funds had arrived, adding: “It is my understanding that some of the missing wires were lacking identification information so they had to be processed and sorted out manually (which obviously took some time).”]
A Finastra spokesperson told Computer Business Review: “As you know, at around 7am GMT / 3am EST on Friday March 20, 2020, we made the decision that it was necessary to voluntarily take our servers offline. This of course has an impact on the wire process. We are working closely with our clients to review their individual situations, with regards to which wires transferred and which did not. We are confident that this will be resolved as we work through steps to recover or complete these transactions.”
One staffer at another bank told us: “A lot of wires have been badly delayed. Tens of millions worth. They seem to be coming through now in drips and drabs now.”
Finastra’s CEO said in his Monday statement: “During the incident, we worked around the clock, aiming to ensure the least-possible disruption for our customers and partners. We provided regular updates to ensure that you had the latest essential information and, as we restore our services, I want you to know that our team was, and always is, 100% focused on our customers and their business needs.
“Throughout these last ~72 hours, my extended executive team and I, as well as our entire field and customer support teams, have fielded countless calls and discussions with customers and partners to keep them appraised in real-time. Customers and our ecosystem are, and always will be, at the center of our universe. On behalf of all of us at Finastra, please accept my apologies for any inconvenience.
“We will work relentlessly to honor your trust placed in us, every single day.”