A ransomware attack on U.S. payments platform provider BridgePay is having ripple across the country, leaving many entities—including restaurants and municipal organizations—unable to accept card payments.
BridgePay confirmed the attack last Friday, saying it had enlisted federal law enforcement as well as external forensic and recovery teams. According to a status update on the company’s website, the outage remains ongoing.
While the attack has rendered several core systems inoperable, the company said it has found no evidence of a payment card data compromise. BridgePay emphasized that any data accessed or stolen during the incident was encrypted.
Cash Only for the Time Being
Merchants that rely on BridgePay’s platform reported being forced to accept cash-only payments due to the card processing outage. Jimmy’s Roadhouse Bar & Grill in Michigan announced it could accept only cash on Super Bowl Sunday.
For municipal customers, the situation was more complex. The government of Palm Bay, Florida, reported that the city’s online billing payment portal was unavailable and didn’t have a timeframe for when the issue would be resolved. Residents were asked to make utility payments in person using cash, card, or check.
When Ransomware Fans Out
Ransomware attackers have increasingly targeted points of centralization in digital infrastructure, where an attack against a single provider can have cascading consequences for businesses nationwide—or even globally. An ransomware attack last year against Salesforce resulted in the theft of more than 1 billion customer records. More than 40 companies were affected, ranging from AirFrance to Walgreens. By accessing tokens and signing credentials, the criminals were able to move laterally and silently from one compromised vendor to another.
Another extortion campaign last year targeted Oracle’s E-Business Suite, giving criminals access to payroll, finance, and HR databases at numerous organizations. Nearly 30 major business were impacted, including Mazda and Estee Lauder.
Such incidents underscore the risks posed by centralized service providers and highlight the growing importance of cyber resiliency—the ability of organizations to withstand, adapt to, and recover from cyberattacks.
“Retailers and independent payments providers are at increasing risk because their cyber resiliency strategies have not evolved to address emerging risks,” said Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “Retailers and independent payments networks fail to address emerging cyber risks holistically. They need to bring in a proactive cyber resiliency mindset by investing more heavily in threat detection and prediction facilitated via cyberthreat and dark web intelligence.”
