TSYS Attacked With Ransomware, Has Data Posted Online

cybersecurity

TSYS, a payment processing company, has suffered a ransomware attack and had some data posted online, according to a report from Krebs on Security.

Krebs said the attackers have said they plan to publish more in the coming days. However, TSYS said the malware didn’t jeopardize card data and that the attack had only targeted the company’s administrative wing.

“We experienced a ransomware attack involving systems that support certain corporate back office functions of a legacy TSYS merchant business,” TSYS said in a statement to PYMNTS. “We immediately contained the suspicious activity and the business is operating normally. Transaction processing is conducted on separate systems, has continued without interruption and no card data was impacted. … This matter is immaterial to the company.”

Columbus, Ga.-based TSYS, the third-largest third-party payment processor for financial institutions in the U.S., helps to process payments, merchant services and other solutions such as prepaid debit cards and payroll cards. The company was acquired by Global Payments Inc. in 2019.

Krebs said the attack came on Dec. 8 as a cybercriminal gang called Conti claiming to be responsible for the recent attack claimed to have published over 10 gigabytes of TSYS data, claiming that that only represented around 15 percent of the overall data they had offloaded before setting off the ransomware inside TSYS, Krebs said. Conti is one of numerous cybercriminal gangs maintaining a blog in which data stolen from victims is published. Conti reportedly said the legacy system hit this time was Cayan, which was acquired by TSYS in 2018 and helps to enable payments in stores, on mobile and through eCommerce.

TSYS declined to tell Krebs whether it had paid any ransom, though according to Fabian Wosar, chief technology officer at computer security firm Emsisoft, Conti usually only publishes data online from companies that refused to pay.

Cyberattacks have been rampant during the pandemic era, with fraudsters taking advantage of the panic as well as the frantic shift toward digital shopping leaving open doors for attack. The U.S Department of the Treasury issued a “red alert” in October as ransomware attacks were on the rise, with scams targeting vulnerable sectors such as healthcare more frequently, including smaller firms, due to the weaker cybersecurity controls.

Ransomware attacks jumped 39 percent in 2019, with losses rising 46 percent, according to sources.