Many brokers may be unable to process derivatives trades for days as a result of a ransomware attack that hit ION Trading UK, according to sources familiar with the situation who spoke to Reuters.
The attack began on Tuesday, according to a statement posted on its website by ION Group, the parent company of the financial data firm.
In response to inquiries for more information, ION Group stated: “The incident is contained in a specific environment, all affected servers are offline and service repair is ongoing.”
Ransomware is a type of malicious software used by criminal organizations to encrypt data and demand payment from the victim in exchange for a key. In some cases, millions of dollars may be demanded as ransom.
Britain’s Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) said on Thursday: “We are aware of this ongoing incident and will continue to work with our counterparties and the companies affected.”
ABN Amro Clearing and Intesa Sanpaolo, Italy’s largest bank, were among the many ION clients whose operations were likely affected, according to messages to clients from both banks seen by Reuters.
On Wednesday, ABN informed customers that some apps were down and expected to be down for a “number of days” due to ION’s “technical outage.” It also said that its employees had to deal directly with the exchange to process trades. ABN did not immediately respond to a request for comment.
Intesa Sanpaolo told clients that ION’s IT problems had “severely hampered” its exchange-traded derivatives brokerage and clearing operations, making it unable to process orders. When contacted by Reuters, Intesa Sanpaolo declined to comment immediately.
According to a source with knowledge of the situation, the attack put brokers handling complicated over-the-counter transactions involving products such as options in a challenging situation, and it could take another five days to fix the problem.
A screenshot of the ransomware group’s blog on the dark web, found at darkfeed.io, a website that tracks ransomware groups, said that Lockbit would publish the stolen data on February 4 if ION Group did not pay the demanded ransom.
Lockbit ransomware detections have been made around the world, with common targets including US, Indian and Brazilian companies, according to cybersecurity firm Trend Micro.
According to some cybersecurity experts, the group has members in Russia. According to Trend Micro, the group is “one of the most professional organized crime gangs in the underground criminal world.”
When Reuters contacted the National Cyber Security Agency (NCSC), a division of the intelligence agency GCHQ, it said it had no immediate comment.