Search module is not installed.

Ransomware attack that hit UK could take days to fix - sources

02.02.2023

LONDON MILAN Reuters - Sources familiar with the matter told Reuters that a ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades.

The financial data firm, ION Group, said in a statement on its website that the attack began on Tuesday.

The incident is contained to a specific environment, all affected servers are disconnected, and remediation of services is ongoing, ION Group said, declining requests for further comment.

Ransomware is a form of malicious software deployed by criminal gangs that works by encrypting data, with hackers offering the victim a key in return for payments.

Millions of dollars can be spent on ransom demands.

Britain's Financial Conduct Authority FCA and Prudential Regulation Authority PRA said on Thursday that they are aware of the ongoing incident and will continue to work with their counterparts and the firms affected.

ABN Amro Clearing and Intesa Sanpaolo, Italy's biggest bank, and messages to clients from both banks were seen by Reuters as a result of the many ION clients who were likely to have been affected.

ABN told clients on Wednesday that due to technical disruption from ION, some applications were unavailable and were expected to remain that way for a number of days. It added that its staff had to process trades directly with the exchange.

ABN didn't respond immediately to a request for comment.

A broker and clearing operations on exchange-traded derivatives had been hampered by IT problems at ION and it was not able to handle orders, according to Intesa Sanpaolo.

Intesa Sanpaolo had no immediate comment when contacted by Reuters.

The attack put brokers that process complex over-the counter trades such as options in a difficult situation and the problem could take another five days to fix, according to a source with knowledge of the matter.

Lockbit will release stolen data on February 4 if ION Group fails to pay a ransom, a screenshot of the group's blog on darkfeed.io, a website that tracks ransomware groups.

The organizations in the United States, India and Brazil are among the targets of Lockbit ransomware, according to Trend Micro.

Trend Micro has called the group, which some cybersecurity experts say has members in Russia, one of the most professional organised criminal gangs in the criminal underground Britain's National Cyber Security Agency NCSC, part of Britain's GCHQ eavesdropping intelligence agency, has said it has no immediate comment when contacted by Reuters.