Ransomware Attack Hits FIA Tech Managed Service Provider CyrusOne

John Lothian

Executive Chairman and CEO

One of FIA Tech’s managed service providers, CyrusOne, was the target of a ransomware attack that knocked out three services FIA Tech offers from the data center.

Two of those three services have been restored, one as of Wednesday morning and the other on Thursday evening. FIA Tech’s 8,000 customers have been supportive during the 24/7 emergency response by FIA Tech, Nick Solinger, FIA Tech’s CEO, said in a call.

The attack took place on Sunday morning. In a memo, FIA Tech informed customers that “the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider.”

ZDNet identified CyrusOne as the target of the attack and reported that CyrusOne was not planning on paying the ransom demand, “barring any future unforeseen developments.”

ZDNet reported that the name of the ransomware program was REvil (Sodinokibi).

“We immediately engaged leading forensic security firms and are working with law enforcement on the incident. We have no evidence customer data was compromised or accessed to date,” Solinger said.

FIA Tech has had daily calls with exchanges, FCMs and all their customers to keep them informed, Solinger said.

This attack has raised the profile of unique attack vectors, Solinger said. He wants to help raise awareness across the industry of this type of attack and of other vulnerabilities in a trusted relationship with a managed service provider.

The forensic investigation as to how this happened is ongoing. Either the data center provider or one of the customers could have been patient zero.

Given the services FIA Tech offers, there was no impact on the trading or clearing activity of customers. Solinger said there was no data loss from the attack and 99.9% of the data has been restored from backups stored offsite from the data center.

There are typically five stages of a ransomware attack. The first two are “exploitation and infection” and “delivery and execution.” The third stage is “backup spoliation.”

Solinger said the investigation is looking into whether this was a phase two or phase three attack.

FIA Tech is a wholly-owned subsidiary of FIA, collaborating with the global futures industry to improve operational efficiency via integrated, cloud-based systems. FIA Tech provides key services and processes including managing legal agreements, settling brokerage, meeting compliance requirements and automating reconciliation. Current services include Docs (give up agreements), Fees (brokerage settlement), Recs (reconciliations), Owner & Controller Repository service (regulatory compliance and indirect clearing lockbox) and the FIA Tech Databank with its suite of position limit and exchange fee data.
