ION Group Paid the Ransom, Claim Hackers Responsible for Disruptive Breach

The ransomware outbreak that erupted at ION on Tuesday has disrupted trading and clearing of exchange-traded financial derivatives.

Advertisement
By Reuters | Updated: 4 February 2023 15:25 IST
Highlights
  • ION Group declined to comment on the statement
  • Lockbit communicated the claim to Reuters via its online chat account
  • Ransomware has emerged as one of the internet's most expensive scourges

The Lockbit representative said there was "no way" it would offer further details

Photo Credit: Pexels

The hackers who claimed responsibility for a disruptive breach at financial data firm ION say a ransom has been paid, although they declined to say how much it was or offer any evidence that the money had been handed over. 

ION Group declined to comment on the statement. Lockbit communicated the claim to Reuters via its online chat account on Friday but declined to clarify who had paid the money — saying it had come from a "very rich unknown philanthropist."

Advertisement

The Lockbit representative said there was "no way" it would offer further details.

The FBI did not immediately reply to a request for comment. Britain's National Cyber Security Agency, part of Britain's GCHQ eavesdropping intelligence agency, told Reuters it had no comment.

Advertisement

The ransomware outbreak that erupted at ION on Tuesday has disrupted trading and clearing of exchange-traded financial derivatives, causing problems for scores of brokers, sources familiar with the matter told Reuters this week.

Among the many ION clients whose operations were likely to have been affected were ABN Amro Clearing and Intesa Sanpaolo, Italy's biggest bank, according to messages to clients from both banks that were seen by Reuters.

Advertisement

ABN told clients on Wednesday that due to "technical disruption" from ION, some applications were unavailable and were expected to remain so for a "number of days."

It was not clear whether paying the ransom would necessarily speed the clean-up effort. Ransomware works by encrypting vital company data and extorting the victims for payoffs in exchange for the decryption keys. But even if hackers hand over the keys, it can still take days, weeks or longer to undo the damage to a company's digital infrastructure.

Advertisement

There were already signs that Lockbit had reached some kind of an agreement over ION's data. The company's name was removed earlier Friday from Lockbit's extortion website, where victim companies are named and shamed in a bid to force a payout. Experts say that is often a sign that a ransom has been delivered.

"When a victim is delisted, it most commonly means either that the victim has agreed to enter negotiations or that it has paid," said ransomware expert Brett Callow of New Zealand-based cybersecurity company Emsisoft.

Callow said there was an outside chance that there was some other explanation for Lockbit publicly backing off.

"It may mean that ransomware gang got cold feet or decided not to proceed with the extortion for other reasons," he said.

Ransomware has emerged as one of the internet's most expensive and disruptive scourges. As of late Friday, Lockbit's extortion website alone counted 54 victims who were being shaken down, including a television station in California, a school in Brooklyn and a city in Michigan.

© Thomson Reuters 2023


The Infinix Zero Ultra has a decent set of specifications on paper, but does the phone justify its high asking price? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: ION Group, Ransomware, Hack, breach
Advertisement
Popular Mobile Brands
  1. How to Watch the FIFA World Cup 2026 Final Live Stream in India
  2. Best Water-Resistant Smartphones You Can Buy in India
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.