Security News Payments platform BridgePay confirms ransomware attack behind outage

Brownie2019

A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services.
The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform.
Ransomware confirmed within hours of outage
BridgePay Network Solutions confirmed late Friday that the incident disrupting its payment gateway was caused by ransomware.
Full Story:
This looks like a “ransomware-caused outage” scenario rather than a confirmed payment-card data breach, but it’s still a high-impact incident because payment processing availability is the business-critical dependency.

What’s confirmed (as of Feb 7, 2026)
  • BridgePay states the outage was caused by a ransomware attack and that it engaged federal law enforcement (including the FBI and U.S. Secret Service) plus external forensic/recovery teams. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/))
  • BridgePay also states initial forensics indicate no payment card data was compromised and that there is currently “no evidence of usable data exposure” (with any potentially accessed files being encrypted). ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/))
  • There was (and may still be) no ETA for full restoration, and multiple gateway/portal services were impacted, causing some merchants to go cash-only. ([bleepingcomputer.com](https://www.bleepingcomputer.com/news/security/payments-platform-bridgepay-confirms-ransomware-attack-behind-outage/))

Why “no card data breach” doesn’t automatically mean “no risk”
Even when a vendor says card data wasn’t compromised, customers/partners should treat it as an ongoing incident until restoration is complete and more details are independently validated (scope, dwell time, whether any non-card operational data was accessed, etc.). At this stage, there’s not enough public detail to confirm the full scope beyond what BridgePay has posted. ([status.bridgepaynetwork.com](https://status.bridgepaynetwork.com/))

Practical steps for affected merchants / integrators
  • Operational continuity: enable/prepare fallback payment methods (cash, check, alternative processor, invoicing) and communicate clearly to customers.
  • Reconciliation: watch for duplicate authorizations/charges once services resume (retries/queued transactions can create confusion during recovery).
  • Credential hygiene (low-risk, prudent): rotate/reissue any BridgePay-related API credentials/portal accounts you control, and review access logs for unusual auth attempts.
  • Fraud monitoring: increase alerting on chargebacks, refund abuse, and suspicious “phone orders” that may spike when card terminals are down.
  • Only follow restoration guidance from official BridgePay channels/status updates; avoid “fix tools” or unsolicited third-party outreach claiming they can restore access.

Advice for consumers seeing “cash only” signs
  • An outage notice does not, by itself, mean your card was stolen.
  • Still, it’s sensible to enable transaction alerts and review statements over the next few weeks, and report any unauthorized charges to your bank promptly.

Sources
 
Technical Analysis & Remediation

MITRE ATT&CK Mapping
  • T1486 (Data Encrypted for Impact): BridgePay confirmed files were encrypted, causing the outage.
  • T1489 (Service Stop): Core production systems, including "Gateway.Itstgate.com" and "PayGuardian Cloud API," were rendered unavailable.
  • T1082 (System Information Discovery): Implied by the targeted nature of the production system disruption.

CVE Profile
  • Status: Unknown. No specific CVEs were cited in the provided intelligence as the entry vector.
  • Vector/origin: Insufficient evidence.

Telemetry & Artifacts
  • Constraint: No specific attacker hashes or IPs were available in the source text.
  • Impacted asset: Gateway.Itstgate.com (virtual terminal/reporting API).
  • Incident reference: mgg52286dn24 (BridgePay status page ID).
  • Timeline: Early warning signs detected degraded performance at 03:29 a.m. (date implied: Feb 6, 2026) before cascading into a full outage.

Remediation - THE ENTERPRISE TRACK (NIST SP 800-61r3 / CSF 2.0)

GOVERN (GV) – Crisis Management & Oversight
  • Activate Business Continuity Plans (BCP) for offline payment processing (e.g., cash-only, offline spooling) immediately.
  • Legal counsel to review SLA obligations regarding "nationwide service disruption" and vendor notification timelines.

DETECT (DE) – Monitoring & Analysis
  • Monitor payment integrators (e.g., Lightspeed Commerce, ThriftTrac) for restoration signals or further degradation.
  • Scrutinize internal logs for connection attempts to Gateway.Itstgate.com to verify whether the endpoint remains unresponsive or shows anomalous behavior.

RESPOND (RS) – Mitigation & Containment
  • Isolate any local POS systems connected to the BridgePay network to prevent potential lateral propagation, although no evidence currently suggests client-side spread.
  • Establish out-of-band communication channels with the vendor, as standard support portals may be impacted.

RECOVER (RC) – Restoration & Trust
  • Do not reconnect POS terminals until BridgePay issues a formal "Clean of Infection" statement verified by federal law enforcement (FBI/Secret Service).
  • Verify the integrity of transaction logs once connectivity is restored to ensure no data loss during the "degraded performance" window.

IDENTIFY & PROTECT (ID/PR) – The Feedback Loop
  • Audit third-party risk management (TPRM) policies for critical payment processors.
  • Evaluate redundancy options for payment gateways to prevent single-point-of-failure outages in the future.

Remediation - THE HOME USER TRACK (Safety Focus)

Priority 1: Safety
  • Expect cash-only transactions at affected merchants (e.g., restaurants, utility payment centers).
  • Monitor bank statements closely. While BridgePay states "no payment card data has been compromised", vigilant monitoring is standard procedure during payment processor breaches.

Priority 2: Identity
  • If you utilize "MyBridgePay" or "PathwayLink" portals, prepare to reset passwords once the service is restored and verified clean. Do not attempt to log in during the active outage.

Hardening & References
  • Baseline: Payment Card Industry Data Security Standard (PCI DSS) v4.0 (Incident Response requirements).
  • Framework: NIST CSF 2.0 (Supply Chain Risk Management).
  • Source intelligence: BleepingComputer
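The reconciliation step above (watch for duplicate authorizations once services resume) and the RECOVER item on verifying transaction logs, as an added example that is not BridgePay's or the post's own code: a small Python check over a constructed merchant-side export that flags orders which received more than one gateway authorization within a window, and orders whose attempts all timed out during the outage. The export layout and field names are assumptions, not BridgePay's format.

```python
"""Post-outage reconciliation: find duplicate authorizations and orphaned attempts.

Added illustration, not vendor code. Assumes a merchant-side export with one
record per authorization attempt: (timestamp, order ref, card token, amount
in cents, gateway auth id or None on timeout). Sample data is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: ORD-1002 was queued and retried while the gateway was
# down, then replayed twice when it came back; ORD-1004 never got an auth.
SAMPLE_EXPORT = [
    ("2026-02-06T03:25:10", "ORD-1001", "tok_a1", 1999, "AUTH-77"),
    ("2026-02-06T03:31:02", "ORD-1002", "tok_b2", 4500, None),       # gateway timeout
    ("2026-02-06T03:33:40", "ORD-1002", "tok_b2", 4500, None),       # client retry, timeout
    ("2026-02-06T03:40:00", "ORD-1004", "tok_d4", 800, None),        # timeout, never retried
    ("2026-02-07T11:02:15", "ORD-1002", "tok_b2", 4500, "AUTH-78"),  # replayed on restore
    ("2026-02-07T11:02:19", "ORD-1002", "tok_b2", 4500, "AUTH-79"),  # duplicate auth
    ("2026-02-07T11:05:00", "ORD-1003", "tok_c3", 1200, "AUTH-80"),
]


def find_duplicate_auths(records, window=timedelta(hours=48)):
    """Return {order_ref: [auth ids]} for orders where the same card token and
    amount received more than one successful authorization within `window`.
    Attempts with no auth id were timeouts, not charges, and are skipped."""
    by_key = defaultdict(list)
    for ts, ref, token, amount, auth_id in records:
        if auth_id is None:
            continue
        by_key[(ref, token, amount)].append((datetime.fromisoformat(ts), auth_id))
    dupes = {}
    for (ref, _token, _amount), auths in by_key.items():
        auths.sort()
        first_ts = auths[0][0]
        in_window = [auth_id for ts, auth_id in auths if ts - first_ts <= window]
        if len(in_window) > 1:
            dupes[ref] = in_window  # candidates to void after manual confirmation
    return dupes


def unresolved_attempts(records):
    """Orders whose every attempt timed out: they need follow-up with the
    customer, not a blind retry that could double-charge after restoration."""
    attempted, authorized = set(), set()
    for _ts, ref, _token, _amount, auth_id in records:
        attempted.add(ref)
        if auth_id is not None:
            authorized.add(ref)
    return sorted(attempted - authorized)


if __name__ == "__main__":
    print("duplicate auths:", find_duplicate_auths(SAMPLE_EXPORT))
    print("never authorized:", unresolved_attempts(SAMPLE_EXPORT))
```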
 
