Ransomware attack on data company ION says it will take days to fix

A ransomware attack hitting ION Trading UK could take days to fix, leaving many brokers unable to process derivatives trades, sources familiar with the matter told Reuters.

ION Group, the parent company of the financial data company, said in a statement on its website that the attack began on Tuesday.

“The issue occurred in a specific environment, all affected servers were disconnected and remediation of services is ongoing,” the ION Group said, declining to request further comment.

Ransomware is a form of malware deployed by criminal gangs that works by encrypting data, with hackers providing victims with a key in exchange for payments.

Such ransom demands can run into the millions of dollars.

“We are aware of this ongoing incident and we will continue to work with our partners and affected companies,” said the UK Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (FCA). PRA) said on Thursday.

Among the many ION customers whose operations were potentially affected were ABN Amro Clearing and Intesa Sanpaolo, Italy’s largest bank, messages to customers from both banks seen by Reuters.

ABN told customers on Wednesday that due to “technical issues” from ION, some apps are unavailable and are expected to continue to do so for “several days”.

It added that its employees must process transactions directly with the exchange.

ABN did not immediately respond to a request for comment.

Intesa Sanpaolo told clients that their brokerage and clearing operations for exchange-traded derivatives were “seriously hampered” by IT issues at ION and they were not can process orders.

Intesa Sanpaolo was not immediately available for comment when contacted by Reuters.

A source with knowledge of the matter said the attack had put brokers handling complex decentralized transactions involving products like options, and that the problem could be lost. 5 more days to fix.

Lockbit said it will release the stolen data on February 4 if ION Group doesn’t pay the ransom, a screenshot of the group’s dark web blog on, a website that tracks ransomware groups, shows see.

Cybersecurity firm Trend Micro says the Lockbit ransomware has been detected worldwide, with organizations in the United States, India and Brazil among the common targets.

Trend Micro has called the group, which some cybersecurity experts say has members in Russia, “one of the most professional organized crime gangs in the criminal underworld”.

Britain’s National Cyber ​​Security Service (NCSC), part of Britain’s spy agency GCHQ, said it had no immediate comment when contacted by Reuters.

© Thomson Reuters 2023

Affiliate links can be generated automatically – see ours Moral standards for details.


News7F: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, the World everyday world. Hot news, images, video clips that are updated quickly and reliably

Related Articles

Back to top button