Financial software company Ion Group has been hit by a ransomware attack that left banks in Europe and the US processing trades manually. LockBit has claimed responsibility for the attack, warning it will release stolen data on Saturday if the ransom isn’t paid. Ion Group says the attack was restricted to one division of the company but that recovery from the incident will take several days.
The Dublin-based software developer creates automation solutions for financial institutions. The attack hit its Cleared Derivatives division which produces software for automating the financial trading lifecycle. It also works on the derivatives clearing process for a number of banks.
Exact details of the ransom demand haven’t been shared and it isn’t clear whether Ion Group plans to pay. Ion has not shared much about the incident, writing in a statement: “The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing.”
ABN Amro Clearing and Intesa Sanpaolo are among the institutions likely to have been affected according to a report by Reuters, with the attack leaving them without access to automation tools “for a number of days”. Staff are said to be processing trades directly with the exchange.
Ion Group ransomware attack leaves banks trading manually
Derivatives are financial products that obtain their value from a relationship to another asset, including currencies, stocks, bonds and commodities. These are complex trades, leaving brokers in a difficult position.
At least 42 Ion clients have been affected, a report from Bloomberg said, and other commercial banks have had trouble getting quotes due to knock-on effects of the outage.
LockBit has been dubbed “one of the most professional organised crime gangs in the criminal underground” by security vendor Trend Micro. Thought to be based in Russia, it recently released a new variant of its malware targeting cloud services and virtual machines.
LockBit is currently in its third generation, having first been spotted in 2019. It has racked up a long list of high-profile victims since its first generation. According to a report by the Infosec Institute, LockBit attacked more than 850 victims in 2022. The gang mainly targets companies in Europe, the UK and the US.
The gang was responsible for the cyberattack on the Royal Mail that disrupted delivery and collection services last month. It also threatened to publish stolen data online as part of that attack.