PROBABLYPWNED
Malware | February 8, 2026 | 4 min read

BridgePay Ransomware Attack Knocks Payment Gateway Offline

BridgePay confirms ransomware attack crippled its payment processing platform, forcing merchants nationwide to cash-only. FBI and Secret Service are investigating.

James Rivera

A ransomware attack hit BridgePay Network Solutions on February 6, taking down one of the largest U.S. payment gateway providers and leaving merchants across the country unable to process card transactions. The company has confirmed the attack and brought in the FBI and U.S. Secret Service to assist with the investigation.

TL;DR

  • What happened: Ransomware knocked BridgePay's payment gateway offline, disrupting card processing nationwide
  • Who's affected: Merchants, municipalities, and businesses relying on BridgePay for payment processing
  • Severity: High — core payment infrastructure disabled for days
  • Action required: Affected merchants should arrange alternative payment methods and monitor BridgePay's status page for recovery updates

What Went Down

The first signs of trouble appeared around 3:29 a.m. EST on Friday, February 6, when BridgePay's systems began showing degraded performance. Within hours, the degradation escalated into a full-blown outage across the company's core services. By late Friday, BridgePay confirmed what many had suspected: ransomware was behind the disruption.

The attack crippled nearly every customer-facing system BridgePay operates — the BridgeComm gateway API, PayGuardian Cloud API, MyBridgePay virtual terminal and reporting, hosted payment pages, and the PathwayLink boarding portals. For merchants that depend on BridgePay to process credit and debit card transactions, the effect was immediate and painful.

Restaurants taped handwritten "CASH ONLY" signs to their doors. The City of Palm Bay, Florida, announced that its online billing portal was down and told residents to pay in person with cash, card, or check. The disruption rippled outward from there, touching businesses that most customers would never associate with a payment processor they've never heard of.

How BridgePay Is Responding

BridgePay engaged federal law enforcement — both the FBI and Secret Service — along with external forensic and recovery teams. The company stated that recovery "could take time" and would proceed "in a secure and responsible manner."

On the data exposure front, BridgePay offered cautious reassurance. Initial forensic findings indicate that no payment card data was compromised. The company said any files that were accessed were encrypted, and there's currently "no evidence of usable data exposure." That phrasing — "currently" and "usable" — leaves room for the situation to evolve as the investigation continues.

No ransomware gang has publicly claimed responsibility for the attack as of this writing. That's not unusual in the early days of a ransomware incident; groups sometimes wait until negotiations break down before posting victims to their leak sites. The recent Conduent breach showed how these situations can balloon — that January 2025 ransomware attack ultimately affected over 25 million Americans.

Why This Matters

Payment gateways sit at the center of modern commerce. They're the invisible plumbing connecting point-of-sale terminals, e-commerce platforms, and mobile payment apps to the banking system. When one goes down, the consequences cascade.

BridgePay isn't a household name, but it handles transactions for thousands of merchants. The attack highlights how a single compromised vendor can disrupt operations across entire cities. Palm Bay residents couldn't pay their utility bills online. Restaurants lost dinner-rush revenue. Small businesses with no backup payment processor were stuck.

This attack also fits a broader pattern we've been tracking in our ransomware news coverage. Ransomware operators have increasingly targeted critical service providers — CISA has warned about the growing risk to critical infrastructure, and groups like Qilin have hit everything from hospitals to oil pipelines. Payment processors represent high-value targets because the pressure to restore service creates leverage for attackers during ransom negotiations.

What Affected Merchants Should Do

  1. Check BridgePay's status page at status.bridgepaynetwork.com for real-time recovery updates
  2. Set up backup payment processing through an alternate gateway if possible
  3. Preserve transaction logs from before the outage for reconciliation once systems recover
  4. Watch for phishing — attackers often send fake "account recovery" emails impersonating compromised companies
  5. Review PCI compliance posture and verify your own card data handling practices

The incident is a reminder that business continuity planning needs to account for third-party failures, not just your own systems. If your payment processor goes dark tomorrow, do you have a plan?
