On the morning of March 26, 2025, a significant failure in Russia's Faster Payments System (SBP) left users unable to transfer money across multiple banks for over an hour. The issue began around 10:00 AM Moscow time, with a surge in complaints reported by users on Downdetector, indicating that many were experiencing difficulties with their transactions.
According to the press service of Roskomnadzor, the failure was linked to problems within the infrastructure of the National Payment Card System (NSPK). A statement from the Network Monitoring and Management Center of the general use communication network (CMU SSOP) confirmed that complaints about payment issues surged from 10:00 AM, with the situation being monitored closely. By 11:30 AM, the service began to restore its operability.
"On March 26, starting from 10:00, the CMU SSOP recorded a spike in inquiries regarding payment issues via the SBP. The problem was related to a failure in the infrastructure of the NSPK. By 11:30, the service was in the process of being restored," the CMU SSOP reported.
As the situation unfolded, users from various banks, including Sberbank, VTB, T-Bank, and others, reported being unable to complete transactions. Many complaints originated from major urban areas, particularly Moscow and St. Petersburg, as well as regions such as Sverdlovsk, Nizhny Novgorod, and the Leningrad Region.
By 12:10 PM, Roskomnadzor announced that all SBP services were operating normally again. However, the disruption had already caused significant inconvenience, with reports indicating that over five thousand complaints had been logged on Downdetector, which tracks service outages.
In addition to the SBP issues, a separate but simultaneous incident involved a large-scale hacker attack on Lukoil, Russia's oil giant. Reports indicated that Lukoil employees were unable to access their work computers, leading to concerns about potential data breaches. The CMU SSOP confirmed the attack, stating that the company's critical infrastructure remained unaffected.
The Baza Telegram channel reported that Lukoil's internal services were compromised, prompting employees to refrain from logging into their work accounts to prevent any data leakage. The situation was serious enough that access to client systems and internal databases was restricted.
"Employees of the oil company could not log into their work computers due to a strange message about a breakdown, after which they received an order not to log into work accounts to avoid data leakage," Baza reported. It remains unclear how long it will take for Lukoil to fully restore its systems, but sources indicated that previous similar attacks had required extensive recovery efforts.
This incident is not the first of its kind; a similar failure in the SBP occurred in June 2024, when a hacker attack on the NSPK disrupted online payments for several hours. During that incident, many users reported that their transactions failed or took multiple attempts to go through.
The recent outages come on the heels of another significant disruption reported just two days prior, on March 24, when various online services, including Sberbank, Gosuslug, and several telecom providers, experienced issues due to the use of foreign server infrastructure. Following that incident, Roskomnadzor announced plans to examine the dependence of Russian services on foreign infrastructure as part of efforts to ensure network sovereignty.
As the situation continues to develop, users are advised to stay informed through official channels and bank communications. Many banks, including Sberbank and VTB, have been proactive in notifying customers about the service disruptions. For instance, Sberbank informed its clients that transfers were blocked until 11:30 AM, while T-Bank acknowledged that their payment services were affected and that their partner was working on a fix.
With the frequency of such incidents raising concerns among users and regulators alike, the need for robust cybersecurity measures and reliable infrastructure in Russia's digital payment systems has never been more apparent. As the country navigates these challenges, it remains to be seen how both the banking sector and the government will adapt to prevent similar occurrences in the future.
The incidents highlight not only the vulnerabilities within the payment systems but also the broader implications for cybersecurity in Russia's financial landscape. As users increasingly rely on digital transactions, the urgency for enhanced security protocols and infrastructure resilience becomes critical.
