[BreachExchange] Ransomware attack took down R2 trillion investment company for five days

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Jan 31 09:56:07 EST 2022


https://mybroadband.co.za/news/security/432056-ransomware-attack-took-down-r2-trillion-investment-company-for-five-days.html

Curo Fund Services is investigating the cause behind the ransomware attack
it suffered last week, according to a report from the Sunday Times.

The investment administration provider was unable to access its systems for
five days as a result of the attack.

Curo has around R2 trillion in assets under its management. While the money
was not at risk, the outage prevented Curo’s financial service provider
clients from processing investment-related instructions or offering other
services.

Its asset management clients include Old Mutual, Sanlam Investments, and
Futuregrowth Assets.

Futuregrowth Assets halted all trading to protect its clients from
potential exposure until Curo resolved the crisis five days later.

“Curo forms part of the core value chain within our trade cycle, investment
administration, NAV pricing and reporting,” the Sunday Times quoted
Futuregrowth Assets as saying.

“Our clients’ investments were safe, but our client flows were impacted,
and our ability to report on daily valuations to clients were suspended
during this period.”

Futuregrowth has R186 billion in assets under Curo’s management and said
that none of its clients’ data or investments were compromised.

Old Mutual has assets worth R1.3 trillion under Curo’s management.

“During this period, the outage affected Curo’s ability to provide us with
prices for some of our Old Mutual Unit Trust portfolios,” Old Mutual said.

“We are in the process of applying the updated prices to those portfolios,
for those customers who transacted.”

“No individual customer data or investments were compromised as personal
client data resides on Old Mutual systems and is not shared with Curo,” it
added.

The attack is believed to have occurred on 19 January, and Curo regained
full access to its systems the following Monday, 24 January.

The investment administration provider has launched an investigation “to
establish the origin, nature and scope of this incident so as to assess any
data breaches”.

“We have already implemented additional security measures to protect
against further unauthorised access, and we will continue monitoring for
any suspicious activity,” the company said.

“Based on expert advice, we did not engage with the parties involved and
focused on restoring our operational capacity. Working with cybersecurity
specialists, we were able to isolate and then restore our systems safely.”

“Our operational teams, working closely with our clients, then processed
all outstanding transactions, and we moved back into business as usual,”
Curo added.

Sanlam said it communicated with clients following the attack to assure
them that their personal information, assets, and investments remained safe.

Curo is the latest of a growing list of businesses in the private and
public sectors to fall victim to a ransomware attack.

Last year the department of justice and Transnet were the victims of
ransomware attacks. Third-party debt collector Debt-In was also hit with a
ransomware attack in April 2021, exposing the customer data of clients such
as African Bank and Telkom.