Ransomware Attack Hits FIA Tech Managed Service Provider CyrusOne

John Lothian

John Lothian

Executive Chairman and CEO

One of FIA Tech’s managed service providers, CyrusOne, was the target of a ransomware attack that knocked out three services FIA Tech offers from the data center.

Two of those three services have been restored, one as of Wednesday morning and the other on Thursday evening. FIA Tech’s 8,000 customers have been supportive during the 24/7 emergency response by FIA Tech, Nick Solinger, FIA Tech’s CEO, said in a call.

The attack took place on Sunday morning. In a memo, FIA Tech informed customers that “the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider.”

ZD.net identified CyrusOne as the target of the attack and reported that CyrusOne was not planning on paying the ransom demand, “barring any future unforeseen developments.”

ZD.net reported that the name of the ransomware program was REvil (Sodinokibi).

“We immediately engaged leading forensic security firms and are working with law enforcement on the incident. We have no evidence customer data was compromised or accessed to date,” Solinger said.

FIA Tech has had daily calls with exchanges, FCMs and all their customers to keep them informed, Solinger said.

This attack has raised the profile for unique attack vectors, Solinger said. He wants to help raise awareness around the industry for this type of attack and other vulnerabilities in a trusted relationship with a managed service provider.

The forensic investigation as to how this happened is ongoing. Either the data center provider or one of the customers could have been patient zero.

Given the services FIA Tech offers, there was no impact on the trading or clearing activity of customers. Solinger said there was no data loss from the attack and 99.9% of the data has been restored from backups stored offsite from the data center.

There are typically five stages of a ransomware attack, with the first two being “exploitation and infection” and the second “delivery and execution.” The third stage is “backup spoliation.”

Solinger said the investigation is looking into whether this was a phase two or phase three attack.

FIA Tech is a wholly-owned subsidiary of FIA, collaborating with the global futures industry to improve operational efficiency via integrated, cloud-based systems. FIA Tech provides key services and processes including managing legal agreements, settling brokerage, meeting compliance requirements and automating reconciliation. Current services include Docs (give up agreements), Fees (brokerage settlement), Recs (reconciliations), Owner & Controller Repository service (regulatory compliance and indirect clearing lockbox) and the FIA Tech Databank with its suite of position limit and exchange fee data.

John Lothian Newsletter

Today’s Newsletter

Fate of London Metals Pit Hangs in Balance After Trader Pushback

Fate of London Metals Pit Hangs in Balance After Trader Pushback

First Read $40,276/$300,000 (13.4%) ++++ John Lothian News Converts Coronavirus Section of JLN to Wellness Exchange John Lothian - John Lothian News The COVID-19 pandemic has introduced a new risk to those addressed by this newsletter, namely the health and wellness...

We visit more than 100 websites daily for financial news (Would YOU do that?)

Now Read This

The 5 Essential Shifts of Weight Loss Mastery

The 5 Essential Shifts of Weight Loss Mastery

Excerpted from Medium: “It takes 30 days to create a new habit.” Or so we’ve been told… But in the area of weight loss mastery there are hundreds of habits to master — most of which are never discussed. This work of sustained + empowered weight mastery has been...

Pin It on Pinterest

Share This Story