EquiLend Continues System Restoration Post-Ransomware Attack

Back Online: NGT Platform, Which Handles Daily Transactions Worth $100 Billion

Securities lender EquiLend Holdings said many systems are back online after a ransomware attack. (Image: Shutterstock)

Financial giant EquiLend Holdings said it’s brought back online multiple systems after ransomware-wielding attackers breached its infrastructure.

The attack forced the New York company to take offline its NGT – for next-generation trading – platform, which it said handles transactions worth $2.4 trillion every month and gets used by over 190 firms globally, including asset owners, agency lending banks, broker-dealers and hedge funds.

On Tuesday, EquiLend said its NGT platform had been restored and that it was “now live and seeing trading activity.” The company on Friday reported further restorations, including post-trade systems underpinning services that monitor settlements, compare dividends and provide billing and technology for monitoring compliance with regulations. The company said its data and analytics services were “currently receiving and processing submitted client data,” although users couldn’t yet directly access them.

EquiLend serves as a critical player in the heavily regulated securities lending market, primarily for short selling – in which investors bet that a company’s shares will go down in value, rather than up – as well as for using derivatives to hedge the buying of securities, or for fails-driven borrowing, to cover situations in which a broker or custodian doesn’t have required securities in place. A securities lender allows investors to borrow securities to immediately sell them, in return for pre-agreed compensation as well as the securities being returned to the owner.

Hackers continue to hit major financial services firms, triggering widespread disruptions. Last October, the U.S. Treasuries market experienced disruptions after the New York financial services subsidiary of the Industrial and Commercial Bank of China got hit by ransomware-wielding attackers. Affiliates of the LockBit group claimed credit for the attack.

In January 2023, LockBit also claimed credit for an attack against London-based software firm ION Cleared Derivatives, which supports derivatives trading and is part of Dublin-based ION Group. After the attack, ION Group reported that it had to take multiple servers offline. As a result, major European banks were left having to process trades manually, while a major futures exchange was forced to delay the settlement of trades for two hours.

Attack Details

EquiLend said the attack against it began on Jan. 22. On Jan. 24, the company issued its first outage notification, reporting that many of its systems were offline due to a “technical issue.”

On Jan. 25, EquiLend said in an updated breach notification that it had been hit by ransomware-wielding attackers, and that its NGT platform, as well as its post-trade, data and analytics, and RegTech – short for regulatory technology, referring to the management of monitoring, reporting and compliance – offerings, would be offline until they could be restored. The firm said its Spire and ECS Loan Market offerings remained unaffected by the attack and stayed fully operational.

“As part of our swift response, we took immediate steps to contain the incident and enhance our monitoring capabilities, including by implementing SentinelOne,” which offers extended detection and response technology, the company said.

The resulting outages left some EquiLend customers having to process their securities lending manually, and meant firms were at risk of not knowing their exposure or being able to meet regulatory reporting deadlines, market watchers told Reuters.

The main lenders of securities are beneficial asset holders, “such as pension plans, mutual funds, hedge funds or insurance companies,” according to the Federal Reserve Bank of New York. “The main borrowers are hedge funds, asset managers, option traders and market makers.”

The firm has promised to share further details about how attackers successfully breached its systems, once it wraps an ongoing digital forensic investigation.

EquiLend was founded in 2001 by a consortium of leading financial services firms – Barclays Global Investors, Bear Stearns, Goldman Sachs, JPMorganChase, Lehman Brothers, Merrill Lynch, Morgan Stanley, Northern Trust, State Street and UBS Warburg. Their goal was to create a standardized and centralized platform for global trading and post-trade services. The company launched its NGT platform in 2002 and has since added many more services.

The attack against EquiLend came just days after private equity firm Welsh, Carson, Anderson & Stowe announced an agreement to acquire a majority stake in the company. Neither WCAS nor EquiLend has disclosed the terms of the deal, which is set to close by the end of June, subject to regulatory approvals.
