EquiLend, which processes trillions of dollars of transactions a month, said the incident on Jan. 22 took out some of its systems and may take several days to resolve. So far at least, it seems to have just slowed down operations for some of its users — posing more of a headache than anything more critical — the people said, asking not to be identified discussing the incident.
The attack throws yet another little-known firm into the spotlight, highlighting the importance of the companies that facilitate the otherwise mundane business of processing trillions of stocks, bonds and derivatives traded each day. It also serves as a reminder of vulnerabilities in the financial system, where recent attacks have snarled up both the U.S. Treasury market and the market for derivatives trading, prompting scrutiny from regulators globally.
"These cyberattacks open up a huge can of worms — they are very troubling," Larry Tabb, head of market structure research at Bloomberg Intelligence, said. "The question now is how quickly will this firm come back online? If they do come back, will their customers trust them again?"
The breach comes at an awkward time for EquiLend, which is owned by financial firms including Goldman Sachs and J.P. Morgan Chase & Co. It announced plans to sell a majority stake to Welsh, Carson, Anderson & Stowe just last week.
LockBit was responsible for the EquiLend attack, a spokesperson for the group said in an interview, adding that they will next try to negotiate with the company for a payment in exchange for unlocking the affected systems.
The group, one of the most prolific ransomware gangs of all time, also claimed responsibility for the attack at Industrial & Commercial Bank of China, the world's largest bank, late last year. That incident sent shockwaves through markets for its severity and the unexpected nature of the target — a Chinese state-owned lender operating in the U.S. The attack rendered ICBC's U.S. unit unable to clear swathes of U.S. Treasury trades, forcing the bank to attempt to send settlement details via a USB drive.
"The outage at EquiLend has impacted specific automated securities lending services," FS-ISAC, an industry group that shares intelligence on cybersecurity issues, said in a statement. "As needed, market participants have adjusted by moving to existing manual processes, with limited impact observed."
The industry is also monitoring for any ongoing issues to ensure firms have the information they need to mitigate additional impact, FS-ISAC said.