Ransomware attack hits data centre, around 16 brokers likely affected

Big brokerage houses such as IIFL Securities, 5 Paisa and Axis Securities have come under a ransomeware attack that targeted Comtel, a data centre. According to a Moneycontrol report, around 16 brokers have been hit by the ransomware. 

Two of the three leading exchanges have blocked the brokers and will need to get a certificate from certified auditors to regain access to the exchanges, as per the laid-down regulations of the market regulator, Securities and Exchange Board of India (SEBI), the report said, citing sources.

The Comtel data centre contains stock broker's servers and other networking equipment. The data centre provides various services, including rack space, power and bandwidth and also rents out hardware.

Brokerages use the services of Comtel to better manage costs. Brokerages can either maintain their own data centres or use shared services as provided by Comtel. The Moneycontrol report while citing sources reported that on December 9 evening, a ransomware attack was launched on Comtel that compromised the security of nearly 16 stock brokers and their clients.

According to the sources, it is feared that the details of the clients could have been accessed through the data centre and their order flow could have been compromised. Usually, this is the pattern of the order flow: from a client to a broker, from a broker to a data centre and from a data centre to the exchanges.

The ransomware attack has led Multi Commodity Exchange (MCX) and National Stock Exchange (NSE) to end access for most of these brokers in line with the SEBI rules, said the report. 

Later, the report stated Axis Securities as saying that currently their systems are fully functional. The brokerage's statement said, "All our systems remain fully operational and unaffected. There is no risk to our client data or business continuity as our infrastructure is independent. We remain committed to upholding the highest security and compliance standards to ensure seamless and secure operations."

The norms stipulate that the brokers need to obtain certificates from Certified Information Systems Auditor (CISA), who must unequivocally state that systems are free from any ransomware and are operating smoothly. Only on the basis of this certification, the exchanges allow brokers to operate, the sources added.