The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks, and corporations for trading, investment management, and market analytics.
On January 31, 2023, the firm disclosed the incident in a short statement saying that it impacted ION Cleared Derivatives, a division of ION Markets.
“ION Cleared Derivatives, a division of ION Markets, experienced a cybersecurity event commencing on 31 January 2023 that has affected some of its services,” the company.
“The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing. Further updates will be posted when available” – ION Group
However, the attack had a deeper impact as large customers using ION Group’s services in United States and Europe were forced to switch to manual processing of the trades, causing significant delays.
Global trading organization FIA has published a statement on the issues that have arisen, saying it’s working with impacted members to assess the situation.
We are working with impacted members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing, and clearing.
FIA is coordinating communication and information sharing, through regular calls with relevant parties assessing the firms impacted, how firms can work together to mitigate the disruption and seeking clarity over concerns about affected regulatory obligations and reporting. – FIA
Today, LockBit ransomware has added ION Group to the list of victims on its data leak site. The hackers claim to have stolen data during the intrusion and threaten to publish the files on February 4.
If the ransomware actors hold any data from ION Group, leaking it publicly might expose sensitive information of large investors, causing significant damage to them and their organizations.
Protergo has contacted ION Group to request more details about the findings of their internal investigation and whether LockBit’s claims hold any truth, and we will update this story as soon as we receive a response.