Ransomware Attack on Data Firm ION Said to Take Days to Fix

Ransomware is a form of malicious software which works by encrypting data, with hackers offering the victim a key in return for payments.

By Reuters | Updated: 2 February 2023 19:49 IST

Ransomware Attack on Data Firm ION Said to Take Days to Fix

Photo Credit: Reuters

Lockbit said it would publish stolen data on February 4 if ION Group failed to pay a ransom

Highlights

ION Group said in a statement that the attack began on Tuesday
Lockbit ransomware has been detected all over the world
Organisations in US, India and Brazil among the common target of Lockbit

A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades, sources familiar with the matter told Reuters.

ION Group, the financial data firm's parent company, said in a statement on its website that the attack began on Tuesday.

"The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said, declining requests for further comment.

Ransomware is a form of malicious software deployed by criminal gangs which works by encrypting data, with hackers offering the victim a key in return for payments.

Such ransom demands can total millions of dollars.

"We're aware of this ongoing incident and we will continue to work with our counterparts and the firms affected," Britain's Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) said on Thursday.

Among the many ION clients whose operations were likely to have been affected were ABN Amro Clearing and Intesa Sanpaolo, Italy's biggest bank, messages to clients from both banks which were seen by Reuters showed.

ABN told clients on Wednesday that due to "technical disruption" from ION, some applications were unavailable and were expected to remain so for a "number of days".

It added that its staff had to process trades directly with the exchange.

ABN did not immediately respond to a request for comment.

Intesa Sanpaolo told clients that its brokerage and clearing operations on exchange-traded derivatives had been "severely hampered" by IT problems at ION and that it was not able to handle orders.

Intesa Sanpaolo had no immediate comment when contacted by Reuters.

A source with knowledge of the matter said the attack put brokers that process complex over-the-counter trades involving products such as options were in a difficult situation and the problem could take another five days to fix.

Lockbit said it would publish stolen data on February 4 if ION Group failed to pay a ransom, a screenshot of the group's blog on the dark web on darkfeed.io, a website which tracks ransomware groups, showed.

Lockbit ransomware has been detected all over the world, with organisations in the United States, India and Brazil among the common targets, cybersecurity firm Trend Micro said.

Trend Micro has called the group, which some cybersecurity experts say has members in Russia, "one of the most professional organised criminal gangs in the criminal underground".

Britain's National Cyber Security Agency (NCSC), part of Britain's GCHQ eavesdropping intelligence agency, said it had no immediate comment when contacted by Reuters.

The iQoo 11 is currently the most powerful Android phone you can buy in India. Should you buy it right away? We discuss this and more on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.