Ransomware attack on data firm ION could take days to fix
(Reuters) — A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades, sources familiar with the matter told Reuters.
ION Group, the financial data firm's parent company, said in a statement on its website that the attack began Tuesday.
“The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing,” ION Group said, declining requests for further comment.
Britain's Financial Conduct Authority and the Prudential Regulation Authority said Thursday, “We're aware of this ongoing incident and we will continue to work with our counterparts and the firms affected.”
Among the many ION clients whose operations were likely to have been affected were ABN Amro Clearing and Intesa Sanpaolo, Italy's biggest bank.
The Futures Industry Association said issues at ION had affected the trading and clearing of exchange-traded financial derivatives, although there had been no reports of margin problems in financial markets.
ABN told clients on Wednesday that due to “technical disruption” from ION, some applications were unavailable and were expected to remain so for a “number of days.”
A source with knowledge of the matter said the attack put brokers that process complex over-the-counter trades involving products such as options in a difficult situation and the problem could take another five days to fix.
Lockbit said it would publish stolen data on Feb. 4 if ION Group failed to pay a ransom, a screenshot of the group's blog on the dark web on darkfeed.io, a website that tracks ransomware groups, showed.
Lockbit ransomware has been detected in many countries, with organizations in the United States, India and Brazil among the common targets, cybersecurity company Trend Micro said.
