A ransomware attack on ION Trading UK might take days to resolve, leaving scores of brokers unable to conduct derivatives trades, according to sources familiar with the situation.
The parent company of the financial data provider, ION Group, stated on its website that the attack began on Tuesday.
“The event is isolated to a specific environment, all affected servers have been decommissioned, and service repair is proceeding,” ION Group stated, declining further comment.
Ransomware is a type of malicious software used by criminal gangs that encrypts data; the attackers then offer the victim a key in exchange for cash.
These ransom demands can amount to millions of dollars.
“We’re aware of this ongoing incident and we will continue to work with our counterparts and the firms affected,” Britain’s Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) said on Thursday.
ABN Amro Clearing (ABNd.AS) and Intesa Sanpaolo (ISP.MI), Italy’s largest bank, were two of the several ION clients whose activities were likely to have been impacted, according to statements to clients from both banks that were reviewed by Reuters.
On Wednesday, ABN informed customers that some applications were down and were expected to remain so for a “few days” due to “technical disruption” from ION.
It further stated that its employees had to deal directly with the exchange to conduct trades.
ABN did not immediately respond to a request for comment.
Intesa Sanpaolo informed clients that ION’s IT issues had “severely impeded” its brokerage and clearing operations for exchange-traded derivatives, making it unable to process orders.
When approached by Reuters, Intesa Sanpaolo declined to respond right away.
According to a person with knowledge of the situation, the hack left brokers that handle complex over-the-counter trades involving instruments like options in a difficult position, and it might take another five days to fix the issue.
A screenshot of the ransomware group’s blog on the dark web, found on darkfeed.io, a service that follows ransomware organizations, stated that Lockbit would disclose stolen data on February 4 if ION Group did not pay the demanded ransom.
Lockbit ransomware has been detected worldwide, with common targets including American, Indian, and Brazilian businesses, according to cybersecurity company Trend Micro.
According to some cybersecurity specialists, the group has members in Russia. According to Trend Micro, the group is “one of the most professional organized criminal gangs in the criminal underground.”
When contacted by Reuters, the National Cyber Security Agency (NCSC), a division of the eavesdropping spy agency GCHQ, said it had no immediate response.