EquiLend back in action as ransom payment rumors swirl The Register

Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago.
EquiLend was founded in 2001 by some of Wall Street's biggest players - its board of directors includes BlackRock, Goldman Sachs, JP Morgan, Morgan Stanley and more - and is primarily known for its Next Generation Trading platform, which underpins a large chunk of the sector's securities lending.
The platform transacts $113.5 billion every day between more than 120 companies across more than 40 markets.
The company also has regulatory tech, data analytics, and securities finance arms.
Providing regular updates via a dedicated web page, EquiLend almost completed its full restoration last week, waiting only for its data and analytics solutions to get back up and running.
EquiLend began the full restoration after it pulled systems offline following the discovery of the malicious behavior.
According to cybersecurity expert Kevin Beaumont, LockBit claimed responsibility for the attack but never posted EquiLend to its leak blog, an observation he claims suggests the company negotiated a ransom payment.
For clarity, it must be said that EquiLend has not commented on whether a ransom was paid or not.
A ransomware group's leak site serves as one of the key tools available to cyber extortionists.
The idea is that if a ransom agreement can't be met swiftly, the victim's details are posted online so everyone knows the organization is suffering a ransomware incident.
The hope is that the negotiations will be hurried along before the victim's data is posted online - the next move for cybercriminals looking to apply pressure to victims - which can include sensitive identity documents such as passport scans of staff, for example.
The company updated its FAQ page this week to reflect the system restoration but didn't update other sections regarding questions around how the attackers broke in.
Nor has EquiLend updated its communication regarding whether any data had been lifted from its systems.
The official line appears to be carefully worded to confirm client transaction data is safe.
If LockBit was indeed at fault for this, its double extortion MO likely saw one of its affiliates steal a hefty chunk of data to use as leverage for ransom negotiations down the line, if it came to it.
Paying a ransom never guarantees the return or destruction of data on the cybercriminals' part, nor does it guarantee the victim will be supplied with a decryptor.
That said, the ransomware business model would suffer substantially if decryptors weren't given in exchange for payment.
At the time of the attack, there were questions about how disruptive the attack would be, with early signs pointing to possible issues around service quality due to staff resorting to manual operations.
Experts speaking to us at the time expected minimal disruption to EquiLend's business as the effects of disrupted operations, such as revenue losses, would most likely be contained for the most part.
The attack came at a difficult time for the company, a week after it announced the sale of a majority stake of its business to private equity firm Welsh, Carson, Anderson & Stowe - a deal expected to close before the end of the year.


This Cyber News was published on go.theregister.com. Publication date: Tue, 06 Feb 2024 16:13:03 +0000


Cyber News related to EquiLend back in action as ransom payment rumors swirl The Register

EquiLend back in action as ransom payment rumors swirl The Register - Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago. EquiLend was founded in 2001 by some of Wall Street's biggest players - its board of directors ...
9 months ago Go.theregister.com
Equilend warns employees their data was stolen by ransomware gang - New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. The financial technology company told BleepingComputer on January ...
8 months ago Bleepingcomputer.com
EquiLend Ransomware Attack Leads to Data Breach - Fintech firm EquiLend has started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack. EquiLend, which confirmed the next day that the disruption was caused by a ransomware ...
8 months ago Securityweek.com
EquiLend Ransomware Attack Leads to Data Breach - Fintech firm EquiLend has started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack. EquiLend, which confirmed the next day that the disruption was caused by a ransomware ...
8 months ago Packetstormsecurity.com
CVE-2013-0135 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) ...
7 years ago
More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
11 months ago Therecord.media
CVE-2017-17713 - Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp ...
6 years ago
CVE-2017-17714 - Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, ...
6 years ago
To tap or not to tap: Are NFC payments safer? - These cards required insertion into payment terminals and authentication with a PIN, marking a shift toward more secure transaction methods. These cards were still susceptible to cloning or information theft, though perpetrating such crimes was more ...
11 months ago Welivesecurity.com
CVE-2023-52780 - In the Linux kernel, the following vulnerability has been resolved: net: mvneta: fix calls to page_pool_get_stats Calling page_pool_get_stats in the mvneta driver without checks leads to kernel crashes. First the page pool is only available if the bm ...
6 months ago Tenable.com
CVE-2024-47716 - In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP ...
1 month ago Tenable.com
Accepting Ethereum for Businesses, An Overview - For a business looking to stay ahead of the curve, opting to accept Ethereum payments could be the key to unlocking a new world of opportunities. Accepting Ethereum payments offers businesses global market reach, cost-effectiveness, privacy and ...
9 months ago Hackread.com
Xerox confirms 'security incident' at subsidiary The Register - Xerox has officially confirmed that a cyber baddie broke into the systems of its US subsidiary - a week after INC Ransom claimed to have exfiltrated data from the copier and print giant. Xerox Business Solutions, a subsidiary of Xerox, offers a range ...
10 months ago Go.theregister.com
Ransomware news headlines trending on Google - In the face of escalating ransomware attacks globally, no state or industry appears impervious to the threat posed by malicious malware. Recent scrutiny suggests that the UK government's approach to cybersecurity may be akin to an 'ostrich head in ...
8 months ago Cybersecurity-insiders.com
Anti-Ransomware Coalition Bound to Fail Without Key Adjustments - COMMENTARY. Ransomware is a pervasive issue affecting businesses of all sizes and industries, and the best way to respond remains hotly debated. While much fanfare coincided with the announcement of a US-led, 40-country coalition to collectively ...
10 months ago Darkreading.com
Top officials again push back on ransom payment ban - The Institute for Security and Technology's Ransomware Task Force threw cold water on the need for a ransomware payment ban in a report released Wednesday. Most of the RTF's recommendations are already in place, under development or at least ...
7 months ago Cybersecuritydive.com
Ransomware payment ban: Wrong idea at the wrong time The Register - Opinion A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. This is because a payment ban would inevitably have to include an exception for incidents where not paying the ransom poses a serious risk of ...
10 months ago Go.theregister.com
Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
10 months ago Go.theregister.com
Do the casino ransomware attacks make the case to pay? The Register - Feature The same cybercrime crew broke into two high-profile Las Vegas casino networks over the summer, infected both with ransomware, and stole data belonging to tens of thousands of customers from the mega-resort chains. Despite the similar ...
10 months ago Theregister.com
CVE-2018-0657 - Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG ...
6 years ago
4 Security Tips From PCI DSS 4.0 Anyone Can Use - To security professionals, compliance may not be the sexiest subject, but is an important one for a variety of reasons. Security teams are important stakeholders in governance, risk, and compliance efforts, and, thus, their efforts deserve an ...
8 months ago Darkreading.com
Important details about CIRCIA ransomware reporting - This landmark legislation tasks the Cybersecurity and Infrastructure Security Agency to develop and implement regulations requiring covered entities to report covered cyber incidents and ransomware payments. Ransomware attacks have become ...
5 months ago Securityintelligence.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
11 months ago Bleepingcomputer.com
Shimano's Cyber Siege: A Saga of Resistance Against Ransomware - Shimano Industries, a prominent Japanese multinational manufacturing company specializing in cycling components, fishing tackle, and rowing equipment, seems to have been hit by a massive data breach by the ransomware attacker LockBit, who has ...
10 months ago Cysecurity.news
Who pays, and why: A researcher examines the ransomware victim's mindset - Companies that work with a third-party incident response firm are the most willing to pay their extortionists, he found. Having insurance coverage, or data exfiltrated in the attack, correlated with paying a higher ransom but not necessarily to ...
9 months ago Therecord.media

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)