LockBit claims attack on financial software firm ION, demands payment by tomorrow

LockBit claims attack on financial software firm ION, demands payment by tomorrow

Image:
LockBit claims attack on financial software firm ION, demands payment by tomorrow

Ransomware attack has affective derivative trading for dozens of financial enterprises

ION Group, which a provider of financial trading and workflow automation software and services, has been hit by a ransomware attack.

The attack on London-based arm ION Trading UK has been claimed by the LockBit gang, which threatened on a dark web site to publish data it claimed to have stolen from ION unless it receives an unspecified ransom payment by 4th February.

The attack affected trades made by ABN Amro Clearing and Itay's largest bank Intesa Sanpaolo, among others, according to Reuters, which viewed internal communications relating to the incident.

ABN told customers that some applications were unavailable and were expected to be down for a "number of days", because of disruption caused by the attack on the ION Trading platform.

Intesa Sanpaolo said derivative trading had been "severely hampered", according to Reuters.

"The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said in a statement.

The company said 42 clients have been affected by the attack, which has caused disruption in its cleared derivatives division. Disruption is likely to continue for several days.

Neil Jones, director of cybersecurity evangelism at Egnyte, commented: After a much quieter ransomware environment at the end of last year, I'm not surprised to see that ransomware attacks have returned with a vengeance. The recent cyber incident at ION Markets is only the latest example of several particularly concerning trends."

These include, according to Jones, "attacks on organisations that engage in just-in-time business processing", since the disruption caused will make them more likely to pay, and a move to harder to trace cryptocurrencies.

Russia-linked LockBit is one of the most prolific ransomware gangs. It has been linked to the recent attack on Royal Mail, which disrupted overseas deliveries, hospitals, local authorities, and the port of Lisbon. Last year, an entire Canadian town was hit by a LockBit ransomware attack.