(Bloomberg) -- Another cyberattack against the unglamorous platforms underpinning Wall Street left one of global banks’ biggest businesses falling back on an old-fashioned method of doing business.

Securities-lending teams at two major lenders had to resort to manually inputting certain stock loans and other transactions into spreadsheets after financial-technology firm EquiLend succumbed to a ransomware attack, according to people familiar with the matter. 

EquiLend, which processes trillions of dollars of transactions a month, said the incident on Jan. 22 took out some of its systems and may take several days to resolve. So far at least, it seems to have just slowed down operations for some of its users — posing more of a headache than anything more critical — the people said, asking not to be identified discussing the incident. 

Read More: Wall Street Stock-Lending Platform Crashes in Ransomware Attack

The attack throws yet another little-known firm into the spotlight, highlighting the importance of the companies that facilitate the otherwise mundane business of processing trillions of stocks, bonds and derivatives traded each day. It also serves as a reminder of vulnerabilities in the financial system, where recent attacks have snarled up both the US Treasury market and the market for derivatives trading, prompting scrutiny from regulators globally. 

“These cyberattacks open up a huge can of worms — they are very troubling,” Larry Tabb, head of market structure research at Bloomberg Intelligence, said. “The question now is how quickly will this firm come back online? If they do come back, will their customers trust them again?”

Read More: World’s Biggest Bank Has to Trade Via USB Stick After Hack 

The breach comes at an awkward time for EquiLend, which is owned by financial firms including Goldman Sachs and JPMorgan Chase & Co. It announced plans to sell a majority stake to Welsh, Carson, Anderson & Stowe just last week.

Prolific Hackers

LockBit was responsible for the EquiLend attack, a spokesperson for the group said in an interview, adding that they will next try to negotiate with the company for a payment in exchange for unlocking the affected systems. 

The group, one of the most prolific ransomware gangs of all time, also claimed responsibility for the attack at Industrial & Commercial Bank of China Ltd., the world’s largest bank, late last year. That incident sent shockwaves through markets for its severity and the unexpected nature of the target — a Chinese state-owned lender operating in the US. The attack rendered ICBC’s US unit unable to clear swathes of US Treasury trades, forcing the bank to attempt to send settlement details via a USB drive. 

A breach at software firm ION Trading UK — also orchestrated by LockBit — affected more than 40 of its clients and ultimately forced some European and US banks and brokers to process some derivatives trades manually — a throwback to an era before electronic trading took off. 

With EquiLend, banks that use its system are now trying to manually track trades with clients in the prime brokerage business, log counterparties and minimize exposure to EquiLend’s systems, the people said. Securities lending is typically a key service provided by banks’ prime brokerage units, which cater to hedge fund clients and bring in roughly $20 billion of collective revenue for the biggest global firms.

“The outage at EquiLend has impacted specific automated securities lending services,” FS-ISAC, an industry group that shares intelligence on cybersecurity issues, said in a statement. “As needed, market participants have adjusted by moving to existing manual processes, with limited impact observed.”

The industry is also monitoring for any ongoing issues to ensure firms have the information they need to mitigate additional impact, FS-ISAC said. 

©2024 Bloomberg L.P.