As the London-based banking software maker Finastra was developing emergency plans to reckon with the coronavirus pandemic in mid-March, hackers stealthily broke into the company’s systems, stole employee passwords, and installed backdoors in dozens of Finastra’s servers. For three days, the hackers’ presence went unnoticed. But the hackers’ activity on a Finastra cloud servers set off a tripwire that alerted the company, prompting the hackers to deploy Ryuk ransomware in the systems.
Finastra’s information security team quickly decided to pull all of its potentially-infected servers offline, thwarting the hackers but simultaneously cutting off critical parts of Finastra’s business.
On March 23, Finastra CEO Simon Paris said he believes the hackers specifically timed their attack, seeking to take advantage of distraction and confusion during the worsening pandemic. Finastra would not response to specific questions about the hack, response, and aftermath, pointing out that its “ability to resume operations in a relatively short space of time reflects” the success of its chosen plan.