Global securities finance tech company EquiLend's systems are now back online, nearly two weeks after the company announced a disruptive ransomware attack.
EquiLend was founded in 2001 by some of Wall Street's biggest players - its board of directors includes BlackRock, Goldman Sachs, JP Morgan, Morgan Stanley and more - and is primarily known for its Next Generation Trading platform, which underpins a large chunk of the sector's securities lending.
The platform transacts $113.5 billion every day between more than 120 companies across more than 40 markets.
The company also has regulatory tech, data analytics, and securities finance arms.
Providing regular updates via a dedicated web page, EquiLend almost completed its full restoration last week, waiting only for its data and analytics solutions to get back up and running.
EquiLend began the full restoration after it pulled systems offline following the discovery of the malicious behavior.
According to cybersecurity expert Kevin Beaumont, LockBit claimed responsibility for the attack but never posted EquiLend to its leak blog, an observation he claims suggests the company negotiated a ransom payment.
For clarity, it must be said that EquiLend has not commented on whether a ransom was paid or not.
A ransomware group's leak site serves as one of the key tools available to cyber extortionists.
The idea is that if a ransom agreement can't be met swiftly, the victim's details are posted online so everyone knows the organization is suffering a ransomware incident.
The hope is that the negotiations will be hurried along before the victim's data, which can include sensitive identity documents such as passport scans of staff, is posted online - the next move for cybercriminals looking to apply pressure to victims.
The company updated its FAQ page this week to reflect the system restoration but didn't update other sections regarding questions around how the attackers broke in.
Nor has EquiLend updated its communication regarding whether any data had been lifted from its systems.
The official line appears to be carefully worded to confirm client transaction data is safe.
If LockBit was indeed at fault for this, its double extortion MO likely saw one of its affiliates steal a hefty chunk of data to use as leverage for ransom negotiations down the line, if it came to it.
Paying a ransom never guarantees the return or destruction of data on the cybercriminals' part, nor does it guarantee the victim will be supplied with a decryptor.
That said, the ransomware business model would suffer substantially if decryptors weren't given in exchange for payment.
At the time of the attack, there were questions about how disruptive it would be, with early signs pointing to possible issues around service quality due to staff resorting to manual operations.
Experts speaking to us at the time expected minimal disruption to EquiLend's business, as the effects of disrupted operations, such as revenue losses, would most likely be largely contained.
The attack came at a difficult time for the company, a week after it announced the sale of a majority stake of its business to private equity firm Welsh, Carson, Anderson & Stowe - a deal expected to close before the end of the year.
This Cyber News was published on go.theregister.com. Publication date: Tue, 06 Feb 2024 16:13:03 +0000