One of FIA Tech’s managed service providers, CyrusOne, was the target of a ransomware attack that knocked out three services FIA Tech offers from the data center.
Two of those three services have been restored, one as of Wednesday morning and the other on Thursday evening. FIA Tech’s 8,000 customers have been supportive during the company’s 24/7 emergency response, Nick Solinger, FIA Tech’s CEO, said in a call.
The attack took place on Sunday morning. In a memo, FIA Tech informed customers that “the attack was focused on disrupting operations in an attempt to obtain a ransom from our data center provider.”
ZDNet identified CyrusOne as the target of the attack and reported that CyrusOne was not planning on paying the ransom demand, “barring any future unforeseen developments.”
ZDNet reported that the name of the ransomware program was REvil (Sodinokibi).
“We immediately engaged leading forensic security firms and are working with law enforcement on the incident. We have no evidence customer data was compromised or accessed to date,” Solinger said.
FIA Tech has had daily calls with exchanges, FCMs and all their customers to keep them informed, Solinger said.
This attack has raised the profile for unique attack vectors, Solinger said. He wants to help raise awareness around the industry for this type of attack and other vulnerabilities in a trusted relationship with a managed service provider.
The forensic investigation as to how this happened is ongoing. Either the data center provider or one of the customers could have been patient zero.
Given the services FIA Tech offers, there was no impact on the trading or clearing activity of customers. Solinger said there was no data loss from the attack and 99.9% of the data has been restored from backups stored offsite from the data center.
There are typically five stages of a ransomware attack. The first is “exploitation and infection,” the second is “delivery and execution,” and the third is “backup spoliation.”
Solinger said the investigation is looking into whether this was a phase two or phase three attack.
FIA Tech is a wholly-owned subsidiary of FIA, collaborating with the global futures industry to improve operational efficiency via integrated, cloud-based systems. FIA Tech provides key services and processes including managing legal agreements, settling brokerage, meeting compliance requirements and automating reconciliation. Current services include Docs (give up agreements), Fees (brokerage settlement), Recs (reconciliations), Owner & Controller Repository service (regulatory compliance and indirect clearing lockbox) and the FIA Tech Databank with its suite of position limit and exchange fee data.