Broker hit by ransomware faces over USD 5 million in losses

May 7, 2024

A medium-sized securities broker based in East Asia with a large client base was hit with a ransomware attack in February 2023. The attackers were able to gain access to the broker’s internal network and encrypt important files and data, rendering them unusable.

In early 2023, a medium-sized securities broker located in east Asia experienced a crippling ransomware attack, showcasing the grave financial repercussions and reputational damage that such incidents can inflict. The attackers used Ryuk ransomware to gain entry to the broker's internal network via a phishing email containing a malicious attachment. They then navigated through the network, infecting five endpoints and gaining access to critical systems and files, ultimately encrypting data and demanding a ransom payment in exchange for the decryption key.

The attackers employed double extortion tactics, demanding payment to decrypt data and, simultaneously, threatening to leak client information. This ultimately prompted the victim to pay the ransom in order to protect their firm’s reputation and prevent the release of sensitive data. While the ransom negotiation and payment contributed to the financial impact, the overall cost also encompassed forensic investigation, data recovery, system restoration, and lost opportunities for both the broker and its clients.

In fact, the resulting financial losses were significant, as the broker had to suspend its trading platform, online account access, and customer service for several days, culminating in a staggering loss of USD 5 million. The breach also eroded clients’ trust in the brokerage, as they became apprehensive about the security of their personal and financial information. The final financial cost of the incident was well over USD 5 million, with additional reputational damage likely further impacting the broker’s bottom line in the immediate future.  

Download the full case study below.

Sign Up to Our Newsletter

Our weekly Asia Cyber Summary is a snappy, non-technical overview of regional cybersecurity news that helps you stay informed. Test it today, you can always unsubscribe.