Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes, has been hit by a ransomware attack that forced several European and U.S. banks to revert to manual processes.
The cyberattack, which TechCrunch learned about on Tuesday, affected Ion’s Cleared Derivatives division, which provides software for automating the trading lifecycle and the derivatives clearing process. Unlike physical assets, derivatives are financial products that derive value from a relationship to another underlying asset. Common types of derivatives include currencies, stocks, bonds and commodities.
Ion said in a short statement that it “experienced a cybersecurity event” on Tuesday that affected some of its services. “The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing.”
Ion spokesperson Suezelle D’Costa declined to share further details, such as the nature of the incident or how the organization was compromised. However, a memo from Ion obtained by Bloomberg confirms the attack was the work of the Russian-linked LockBit ransomware gang, which last month hit U.K. postal giant Royal Mail, forcing the mail service to suspend international deliveries.
LockBit claimed responsibility for the attack and is threatening to leak data stolen from the company on February 4 unless a ransom demand is paid, according to a post on the ransomware gang’s dark web site seen by TechCrunch. It’s not yet known how much and what types of data were stolen. Ion spokesperson D’Costa declined to comment.
The impact of the incident also remains unclear, but Bloomberg reports that the attack affected at least 42 of Ion’s clients and forced several European and U.S. financial institutions to process some derivative trades manually. A person with knowledge of the incident told TechCrunch that many commercial banks worldwide are experiencing issues, such as with the ability to get quotes, following the ransomware attack.
The Futures Industry Association, a U.S.-based industry advocacy group for the futures, options and cleared derivatives markets, said in a statement that the incident is “impacting the trading and clearing of exchange-traded derivatives by Ion customers across global markets.”
The FIA added that it is working with impacted members to assess the extent of the impact.
Meanwhile, the U.S. Treasury said it’s monitoring the situation and downplayed the risk to U.S. financial markets.
In a statement provided to TechCrunch, Treasury senior cybersecurity official Todd Conklin said the Treasury is aware of the ransomware attack but said that the incident is isolated to a small number of smaller and mid-size firms.
“The issue does not pose a systemic risk to the financial sector,” said Conklin. “We remain connected with key financial sector partners, and will advise of any changes to this assessment.”
Ion told clients on Thursday that its systems won’t be fully operational until February 6, according to email correspondence seen by Bloomberg.
https://techcrunch.com/