PrimeXM fends off hosted MT4/5 server hack attack and ransom demand

There have been rumors circulating in the FX world the past few days about a targeted hack attack against FX broker tech, liquidity, and hosting provider PrimeXM, specifically targeting its MT4/5 hosted servers. PrimeXM provides dedicated MT4/5 hosting and connectivity services for quite a number of FX and CFD brokers.

The rumors have included multiple PrimeXM-hosted brokers being “down” and at risk of losing client data, and PrimeXM itself being asked to pay ransom to free everything up. We understand that these rumors are a large exaggeration of what actually happened.

So what did (and didn’t) happen?

Well to begin, on Thursday evening part of PrimeXM’s hosted servers were indeed hit by a ransomware attack. The company did manage to decrypt most files that got encrypted. Ultimately, less than 3% of PrimeXM hosted clients experienced any impact to their trading operations. And, at no point did PrimeXM enter into any negotiations with the attackers nor has it met any of their demands – i.e. no ransom was paid by PrimeXM.

The security of PrimeXM’s internal systems, including its XCore trading infrastructure, was not compromised nor suffered any interruptions at any point. Also, no traces of any data leaks were found.

PrimeXM put together the following incident report, which it provided late Monday to its clients, outlining a detailed review of what happened, and PrimeXM’s response, from Thursday evening until the issue was fully resolved late Sunday GMT.


Dear Clients,

We would like to share with you the sequence of events in regards to the recent attack on parts of our hosting infrastructure. The attack was discovered on THU the 9th of December 2021. All timestamps below are approximate and in GMT:

Sequence of events:

Thursday 18:50: A client reports inability to restart his MT5 History Server.

Thursday 20:40: A client reports that a ransomware attack on his server has been blocked by his antivirus.

Thursday 22:10: Several clients report switching to their failovers after experiencing issues with their primary MT4/5 servers after EOD restart.

Thursday 22:40: PrimeXM Support escalates to PrimeXM Networks for further investigation.

Thursday 22:50: PrimeXM Network escalates to PrimeXM Systems for further investigation.

Thursday 23:00: PrimeXM Systems investigates and identifies a ransomware attack by Atom Silo.

Thursday 23:15: PrimeXM Systems deploys a decryptor tool from AVAST to affected clients with decryption success rates between 5-20%.

Friday 00:15: PrimeXM Systems identifies the attack has spread to wider parts of PrimeXM’s hosting infrastructure and escalates to management.

Friday 01:30: PrimeXM identifies that the attack can only disrupt clients’ live trading by encrypting essential files if the MT4/5 servers are stopped or during restart.

Friday 02:30: PrimeXM issues a statement to all clients informing them of the ongoing attack. PrimeXM advises clients not to restart their MT4/5 servers and to verify their failover infrastructure is operational.

Friday 02:40: PrimeXM attempts to engage with various third party cybersecurity firms.

Friday 05:45: PrimeXM establishes a channel of communication to a Forensic and Malware Analyst who developed the core algorithm of AVAST’s decryptor tool.

Friday 06:10: PrimeXM establishes a channel of communication to the cybersecurity firm QSecure.

Friday 06:40: QSecure engages Deloitte Cyber Forensics.

Friday 08:00: PrimeXM calls clients and continues to do so throughout the day to ensure they are aware of the statement sent earlier around 02:30.

Friday 08:00: PrimeXM identifies and disables the entry point of the attacker. The entry point was a compromised web interface of the monitoring system ZABBIX.

Friday 10:30: QSecure in collaboration with Deloitte Cyber Forensics join PrimeXM engineers onsite and begin work on analyzing the ransomware itself as well as the attack.

Friday 14:30: Preliminary evidence gathered by the forensic teams by analysing the ransomware as well as network activity does not suggest there was either a data breach or backdoor present.

Friday 18:20: PrimeXM and QSecure start collaborating with the Forensic and Malware Analyst and provide data to improve the success rate of the decryption algorithm.

Saturday 00:30: PrimeXM advises clients to switch to their MT4/5 failover Infrastructure.  For clients hosting their failover with PrimeXM, PrimeXM provides assistance and new servers to migrate to.

Saturday 06:00: PrimeXM reaches out to clients to commence the migration of MT4/5 failovers. Failover migration continues through Saturday and Sunday.

Saturday 07:30: PrimeXM receives an updated version of the decryption algorithm.

Saturday 08:00: PrimeXM receives the source code of the decryption algorithm.

Sunday 17:00: QSecure and Deloitte Cyber Forensics confirm that based on their evidence there was no data breach or backdoor present in the malware.

Sunday 18:00: PrimeXM improved the decryption algorithm and added brute force capabilities now reaching decryption rates of close to 100%. PrimeXM assists clients to decrypt files.

Summary:

We would like to confirm that less than 3% of Hosted Clients experienced any impact to their trading operations. At no point did PrimeXM enter into any negotiations with the attackers nor has it met any of their demands.

The security of PrimeXM’s internal systems, including XCore trading infrastructure, was not compromised or suffered any interruptions at any point.

We will continue to provide updates as we receive them and we will always remain transparent.
Our teams are available around the clock to provide any assistance needed.

Finally, we want to sincerely apologize for any inconvenience this event might have caused to our customers. We will continue to increase inhouse expertise and work closely with our Cybersecurity partners to improve the security of our hosted systems.
