Payments platform BridgePay confirms ransomware attack behind outage

by · BleepingComputer

A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services.

The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform.

Ransomware confirmed within hours of outage

BridgePay Network Solutions confirmed late Friday that the incident disrupting its payment gateway was caused by ransomware.

In an update posted Feb. 6, the company said it has engaged federal law enforcement, including the FBI and U.S. Secret Service, along with external forensic and recovery teams.

"Initial forensic findings indicate that no payment card data has been compromised," the company said, adding that any accessed files were encrypted and that there is currently "no evidence of usable data exposure."

BleepingComputer has contacted BridgePay with questions about the ransomware group involved, which BridgePay has not yet named.

Payment gateway services hit hard

BridgePay's status page showed major outages across core production systems, including:

  • BridgePay Gateway API (BridgeComm)
  • PayGuardian Cloud API
  • MyBridgePay virtual terminal and reporting
  • Hosted payment pages
  • PathwayLink gateway and boarding portals

Early warnings signs appeared around 3:29 a.m., when monitoring detected degraded performance across multiple services, beginning with the "Gateway.Itstgate.com - virtual terminal, reporting, API" systems.

The intermittent service degradation eventually cascaded into a full system outage.

Within hours, the company disclosed the incident was cybersecurity-related and later confirmed it was ransomware.

The breadth of affected systems suggests widespread disruption for merchants and payment integrators relying on the platform for card processing.

BridgePay said recovery could take time and that restoration is being handled "in a secure and responsible manner."

Merchants report cash-only payments

Around the same time BridgePay disclosed the incident, some U.S. merchants began telling customers they could only accept cash due to a nationwide card-processing outage.

One restaurant said its "credit card processing company had a cyber security breach" and that card payments were unavailable nationwide.

Restaurant says it can only take cash payments during a POS outage

It is unclear whether those outages are directly related to BridgePay, and the company has not publicly confirmed which merchants or partners were affected.

As of the latest update, the company says it is restoring operations safely while continuing the forensic investigation but has not provided an ETA for full recovery.

The incident adds to a growing wave of ransomware attacks targeting payment infrastructure, where outages can quickly impede real-world commerce when transaction pipelines go down.

The future of IT infrastructure is here

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Get the guide