Ion Group, a Dublin-based software company that helps financial institutions automate their critical business processes, has been hit by a ransomware attack that forced several European and U.S. banks to revert to manual processes.
The cyberattack, which TechCrunch learned about on Tuesday, affected Ion’s Cleared Derivatives division, which provides software for automating the trading lifecycle and the derivatives clearing process. Unlike physical assets, derivatives are financial products that derive value from a relationship to another underlying asset. Common types of derivatives include currencies, stocks, bonds and commodities.
Ion said in a short statement that it “experienced a cybersecurity event” on Tuesday that affected some of its services. “The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing.”
Ion spokesperson Suezelle D’Costa declined to share further details, such as the nature of the incident or how the organization was compromised. However, a memo from Ion obtained by Bloomberg confirms the attack was the work of the Russian-linked LockBit ransomware gang, which last month hit U.K. postal giant Royal Mail, forcing the mail service to suspend international deliveries.
LockBit claimed responsibility for the attack and is threatening to leak data stolen from the company on February 4 unless a ransom demand is paid, according to the ransomware gang’s dark web site and seen by TechCrunch. It’s not yet known how much and what types of data were stolen. Ion spokesperson D’Costa declined to comment.
The impact of the incident also remains unclear, but Bloomberg reports that the attack affected at least 42 of Ion’s clients and forced several European and U.S. financial institutions to process some derivative trades manually. A person with knowledge of the incident told TechCrunch that many commercial banks worldwide are experiencing issues, such as the ability to get quotes, following the ransomware attack.
The Futures Industry Association, a U.S.-based industry advocacy group for the futures, options and cleared derivatives markets, said in a statement that the incident is “impacting the trading and clearing of exchange-traded derivatives by Ion customers across global markets.”
The FIA added that it is working with impacted members to assess the extent of the impact.
Meanwhile, the U.S. Treasury said it’s monitoring the situation and downplayed the risk to U.S. financial markets.
In a statement provided to TechCrunch, Treasury senior cybersecurity official Todd Conklin said the Treasury is aware of the ransomware attack but said that the incident is isolated to a small number of smaller and mid-size firms.
“The issue does not pose a systemic risk to the financial sector,” said Conklin. “We remain connected with key financial sector partners, and will advise of any changes to this assessment.”
Ion told clients on Thursday that its systems won’t be fully operational until February 6, according to email correspondence seen by Bloomberg.
https://techcrunch.com/
The U.S. Supreme Court has declined to block a lawsuit brought by WhatsApp challenging the alleged mass phone hacking by Israeli spyware maker NSO Group. Meta-owned WhatsApp first filed a suit against NSO Group in 2019 claiming the spyware maker exploited an audio-calling vulnerability in WhatsApp to stealthily deliver its Pegasus phone spyware onto users’ […]
A notable development for the fraught issue of cross-border data flows from the Organisation for Economic Co-operation and Development (OECD) Wednesday: After two years of closed-door discussions, the intergovernmental organization has adopted a declaration on government access to data held by private sector entities. The declaration, which has been adopted by the 38 OECD countries […]
DNV, a Norwegian shipping classification society, has confirmed its systems were hit by a ransomware attack, affecting around 1,000 ships that rely on its technology. The Oslo-based DNV said in a statement on Wednesday that its ShipManager software was targeted by file-encrypting malware on January 7, forcing the organization to shut down its servers. ShipManager is a fleet management […]
Leave a Reply