In its statements, the FinTech company denied “rumors” that any of its platforms or online services were attacked
Egypt's leading e-payment company, Fawry, is refuting claims that it was subject to a cyberattack early Thursday, according to a stock market filing and posts on social media, despite cybersecurity firms' claims.
In its statements, the FinTech company denied “rumors” that any of its platforms or online services were attacked, and stated that its cybersecurity team has scoured its servers for any trace of the reported attacks or data leaks and was unable to find evidence of its occurrence.
“[Fawry] states that no financial or banking data related to customers was leaked,” it wrote in its EGX statement.
Egypt’s largest Fintech firmly declared that the company used the latest and highest cybersecurity measures according to international standards.
Throughout the day, social media has been a buzz with calls to remove any active cards from Fawry’s services, with many reporting unauthorized money transfers through their cards.
Warnings shared on social media and WhatsApp led to what seems to be a massive influx of users shutting down accounts and closing cards attached to the FinTech, with numerous screenshots of people doing so shared online.
Several banks sent warnings, both internally and to customers, cautioning a potential personal data leak. In particular, a screenshot from an internal Arab Africa International Bank (AAIB) memo was heavily circulated stating that “Fawry is currently experiencing a cyberattack and personal identifiable Information of [the bank’s] customers is exposed.”
Later in the day, another screenshot surfaced showing a separate internal AAIB memo, sent at 2:58 pm, stating that “No cyberattacks or exposing of Personal Identifiable Information of Fawry customers has been confirmed”.
Cybersecurity platform Falconfeeds.IO was the first to share the news on social media that the Egyptian FinTech was a victim of a ransomware attack through LockBit 3.0, a Ransomware-as-a-Service (RaaS).
Global cyber-threats monitoring platform, HackManac, also published a notice sharing LockBit’s announcement from the dark web.
According to HackManac, the hackers have given Fawry until 28 November to pay an undisclosed ransom before the retrieved personal data of users are shared or sold online. HackManac rated the Fawry attack as 5 out of 5 in terms of severity, the highest rating it provides.
Amid calls for confirmation, HackManac released a photo at 3 pm that it states is from LockBit, explaining that “LockBit has published a small sample to confirm the authenticity of the attack, which we have obviously censored”.
In March 2023, the USA’s Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint statement cautioning individuals and organizations about LockBit 3.0, stating that it was “more modular and evasive than its previous versions”.
Lockbit has performed roughly 1,700 ransomware attacks in the US since 2020, according to the FBI, and is believed to have taken in about $91 million in ransom payments.
The hacker group’s latest high-profile attack was aerospace and defense giant Boeing, which confirmed on November 2 that it had suffered a “cyber incident” by the Lockbit ransomware group.
Fawry’s website and app have been out of service for most of the day, however, this can be attributed to the documented rush of users attempting to remove their cards and close their accounts. As of 6.35 PM Cairo time on Thursday, the website remained out of service. [Update: Fawry's main website was back online as of 7:27 pm Thursday]
Over 29.3 million customers use the platform in Egypt, and more than 3.06 million operations are processed daily on Fawry's network.
Fawry stock dropped nearly 4.6% at the Egyptian Exchange (EGX) on Thursday, closing at EGP 5.18.