Ransomware attack on data firm ION will take days to fix

Sources familiar with the matter told Reuters that the ransomware attack that hit ION Trading UK could take several days to fix, leaving scores of brokers unable to process derivatives trades.

ION Group, the parent company of the financial data firm, said in a statement on its website that the attack began on Tuesday.

ION Group declined requests for further comment, saying “the incident is contained within an isolated environment, all affected servers have been disconnected, and remediation of services is ongoing.”

Ransomware is a form of malicious software deployed by criminal gangs that works by encrypting data, with hackers providing a key to the victim in exchange for payment.

Such ransom demands can total in the hundreds of millions of dollars.

Britain’s Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) said on Thursday: “We are aware of this ongoing incident and we will continue to work with our counterparts and affected firms.”

Among the many ION customers whose operations were likely to be affected were ABN AMRO Clearing and Italy’s largest bank Intesa Sanpaolo, according to messages to customers of both banks that were seen by Reuters.

ABN told customers on Wednesday that due to “technical disruption” from ION, some applications were unavailable and expected to remain so for “several days”.

It added that its employees were to process trades directly with the exchange.

ABN did not immediately respond to a request for comment.

Intesa Sanpaolo told clients that its brokerage and clearing operations on exchange-traded derivatives were “severely disrupted” by IT problems at ION and that it was not able to handle orders.

Intesa Sanpaolo had no immediate comment when contacted by Reuters.

A source with knowledge of the matter said the attack put brokers who process complex over-the-counter trades on products such as options in a difficult position and it could take another five days to fix the problem.

LockBit said it would publish the stolen data on February 4 if ION Group fails to pay the ransom, according to a screenshot of the group’s dark web blog shown on darkfeed.io, a website which tracks ransomware groups.

Cyber security firm Trend Micro said LockBit ransomware has been detected at organizations in the United States, India and Brazil.

Trend Micro has called the group, which some cyber security experts say has members in Russia, “one of the most professionally organized criminal gangs in the criminal underground”.

Britain’s National Cyber Security Agency (NCSC), which is part of Britain’s GCHQ eavesdropping agency, said it had no immediate comment when contacted by Reuters.

© Thomson Reuters 2023

