View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 2, 2023updated 03 Feb 2023 10:16am

Ion Group ransomware attack by LockBit could cripple systems for days to come

Stolen data will be released on Saturday if the ransom isn't paid, the hackers say. The attack is likely to cripple systems for days.

By Ryan Morrison

Financial software company Ion Group has been hit by a ransomware attack that left banks in Europe and the US processing trades manually. LockBit has claimed responsibility for the attack, warning it will release stolen data on Saturday if the ransom isn’t paid. Ion Group says the attack was restricted to one division of the company but that the incident will take several days to recover.

Ion Group says the incident is contained to a specific environment and affected servers have been disconnected (T. Schneider/Shutterstock)
Ion Group says the incident is contained to a specific environment and affected servers have been disconnected. (Photo by T. Schneider/Shutterstock)

The Dublin-based software developer creates automation solutions for financial institutions. The attack hit its Cleared Derivatives division which produces software for automating the financial trading lifecycle. It also works on the derivatives clearing process for a number of banks.

Exact details of the ransom demand haven’t been shared and it isn’t clear whether Ion Group plans to pay. Ion has not shared much about the incident. Writing in a statement: “The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing.”

ABN Amro Clearing and Intesa Sanpaolo are among the institutions likely to have been affected according to a report by Reuters, with the attack leaving them without access to automation tools “for a number of days”. Staff are said to be processing trades directly with the exchange.

Ion Group ransomware attack leaves banks trading manually

Derivatives are financial products that obtain their value from a relationship to another asset, including currencies, stocks, bonds and commodities. These are complex trades, leaving brokers in a difficult position.

At least 42 Ion clients have been affected, a report from Bloomberg said, and other commercial banks have come up against issues getting quotes due to knock-on issues caused by the outage.

Lockbit has been dubbed “one of the most professional organised crime gangs in the criminal underground” by security vendor Trend Micro. Thought to be based in Russia, it recently released a new variant of its malware targeting cloud services and virtual machines.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

It is currently in its third regeneration, having first been spotted in 2019. It has racked up a long list of high-profile victims since its first generation. According to a report by the Infosec Institute, LockBit attacked more than 850 victims in 2022. The gang mainly targets companies in Europe, the UK and the US.

The gang was responsible for the cyberattack on the Royal Mail that disrupted delivery and collection services last month. It also threatened to publish stolen data online as part of that attack.

Read more: LockBit has released a new variant: LockBit Green

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.