👀 Ones to watch: The MOST undervalued shares to buy right nowSee Undervalued Shares

Ransomware attack on data firm ION could take days to fix -sources

Published 02/02/2023, 13:34
Updated 03/02/2023, 17:15
© Reuters. FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1,  2017.REUTERS/Kacper Pempel/Illustration/File Photo

By James Pearson (LON:PSON) and Danilo Masoni

LONDON/MILAN (Reuters) -A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades, sources familiar with the matter told Reuters on Thursday.

ION Group, the financial data firm's parent company, said in a statement on its website that the attack began on Tuesday.

"The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said, declining requests for further comment.

Ransomware is a form of malicious software deployed by criminal gangs which works by encrypting data, with hackers offering the victim a key in return for payments. Such ransom demands can total millions of dollars.

Officials on both sides of the Atlantic are monitoring the disruption.

"We're aware of this ongoing incident and we will continue to work with our counterparts and the firms affected," Britain's Financial Conduct Authority (FCA) and the Prudential (LON:PRU) Regulation Authority (PRA) said on Thursday.

The Federal Bureau of Investigation told Reuters it was also aware of the hack, although it declined further comment. Bloomberg News reported that the FBI had been in touch with Ion executives about the incident.

Among the many ION clients whose operations were likely to have been affected were ABN Amro Clearing and Intesa Sanpaolo (BIT:ISP), Italy's biggest bank, messages to clients from both banks which were seen by Reuters showed.

The Futures Industry Association (FIA) said issues at ION had affected the trading and clearing of exchange-traded financial derivatives, although there had been no reports of margin problems in financial markets.

ABN told clients on Wednesday that due to "technical disruption" from ION, some applications were unavailable and were expected to remain so for a "number of days".

It added that its staff had to process trades directly with the exchange.

In response to questions from Reuters, ABN said it is not currently seeing any "relevant disruptions".

"ABN AMRO (AS:ABNd) Clearing has taken appropriate action to keep its operations safe, including informing its clients beforehand on what might happen," it said in an e-mailed statement.

Intesa (LON:0HBC) Sanpaolo told clients that its brokerage and clearing operations on exchange-traded derivatives had been "severely hampered" by IT problems at ION and that it was not able to handle orders.

The bank told Reuters it was waiting for ION to indicate when it could can restart "normal and safe" operations, adding that the ransomware attack targeting the trading services company had not impacted its own systems.

A source with knowledge of the matter said the attack put brokers that process complex over-the-counter trades involving products such as options in a difficult situation and the problem could take another five days to fix.

The U.S. Commodity Futures Trading Commission said its weekly Commitments of Traders report will be delayed because of the attack until all trades can be reported.

It also said certain reporting firms do not have enough information to fully prepare the daily large trader reports. CFTC reports provide a snapshot of investor positioning on various assets.

Lockbit said it would publish stolen data on Feb. 4 if ION Group failed to pay a ransom, a screenshot of the group's blog on the dark web on darkfeed.io, a website which tracks ransomware groups, showed.

Lockbit ransomware has been detected all over the world, with organisations in the United States, India and Brazil among the common targets, cybersecurity firm Trend Micro said.

© Reuters. FILE PHOTO: A man types on a computer keyboard in front of the displayed cyber code in this illustration picture taken on March 1,  2017.REUTERS/Kacper Pempel/Illustration/File Photo

Trend Micro has called the group, which some cybersecurity experts say has members in Russia, "one of the most professional organised criminal gangs in the criminal underground".

Britain's National Cyber Security Agency (NCSC), part of Britain's GCHQ eavesdropping intelligence agency, said it had no immediate comment when contacted by Reuters.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.