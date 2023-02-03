ContributorsPublishersAdvertisers
Reuters

Ransomware attack on data firm ION could take days to fix -sources

By James Pearson and Danilo Masoni
Reuters
Reuters
 2 days ago
https://img.particlenews.com/image.php?url=2elzd6_0ka2PrNc00
  • Summary
  • Companies

LONDON/MILAN, Feb 2 (Reuters) - A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades, sources familiar with the matter told Reuters on Thursday.

ION Group, the financial data firm's parent company, said in a statement on its website that the attack began on Tuesday.

"The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Group said, declining requests for further comment.

Ransomware is a form of malicious software deployed by criminal gangs which works by encrypting data, with hackers offering the victim a key in return for payments. Such ransom demands can total millions of dollars.

Officials on both sides of the Atlantic are monitoring the disruption.

"We're aware of this ongoing incident and we will continue to work with our counterparts and the firms affected," Britain's Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) said on Thursday.

The Federal Bureau of Investigation told Reuters it was also aware of the hack, although it declined further comment. Bloomberg News reported that the FBI had been in touch with Ion executives about the incident.

Among the many ION clients whose operations were likely to have been affected were ABN Amro Clearing (ABNd.AS) and Intesa Sanpaolo (ISP.MI), Italy's biggest bank, messages to clients from both banks which were seen by Reuters showed.

The Futures Industry Association (FIA) said issues at ION had affected the trading and clearing of exchange-traded financial derivatives, although there had been no reports of margin problems in financial markets.

ABN told clients on Wednesday that due to "technical disruption" from ION, some applications were unavailable and were expected to remain so for a "number of days".

It added that its staff had to process trades directly with the exchange.

In response to questions from Reuters, ABN said it is not currently seeing any "relevant disruptions".

"ABN AMRO Clearing has taken appropriate action to keep its operations safe, including informing its clients beforehand on what might happen," it said in an e-mailed statement.

Intesa Sanpaolo told clients that its brokerage and clearing operations on exchange-traded derivatives had been "severely hampered" by IT problems at ION and that it was not able to handle orders.

The bank told Reuters it was waiting for ION to indicate when it could can restart "normal and safe" operations, adding that the ransomware attack targeting the trading services company had not impacted its own systems.

A source with knowledge of the matter said the attack put brokers that process complex over-the-counter trades involving products such as options in a difficult situation and the problem could take another five days to fix.

The U.S. Commodity Futures Trading Commission said its weekly Commitments of Traders report will be delayed because of the attack until all trades can be reported.

It also said certain reporting firms do not have enough information to fully prepare the daily large trader reports. CFTC reports provide a snapshot of investor positioning on various assets.

Lockbit said it would publish stolen data on Feb. 4 if ION Group failed to pay a ransom, a screenshot of the group's blog on the dark web on darkfeed.io, a website which tracks ransomware groups, showed.

Lockbit ransomware has been detected all over the world, with organisations in the United States, India and Brazil among the common targets, cybersecurity firm Trend Micro said.

Trend Micro has called the group, which some cybersecurity experts say has members in Russia, "one of the most professional organised criminal gangs in the criminal underground".

Britain's National Cyber Security Agency (NCSC), part of Britain's GCHQ eavesdropping intelligence agency, said it had no immediate comment when contacted by Reuters.

Our Standards: The Thomson Reuters Trust Principles.

Comments / 0

Related
Reuters

Italy warns hackers targeting known server vulnerability

ROME, Feb 5 (Reuters) - Thousands of computer servers around the world have been targeted by a ransomware hacking attack targeting VMware (VMW.N) ESXi servers, Italy's National Cybersecurity Agency (ACN) said on Sunday, warning organisations to take action to protect their systems.
NASDAQ

GLOBAL MARKETS-Stocks, bonds tumble as stellar US jobs report may force Fed rethink

LONDON Feb 3 (Reuters) - Global stocks and Treasury prices tumbled on Friday after an unexpectedly strong U.S. jobs report indicated the Federal Reserve may need to keep interest rates elevated to control inflation. This placed another roadblock in the way of a weeks-long markets rally that stumbled in U.S....
Benzinga

Putin Ally Declares Russia Will Target This City First If World War 3 Erupts

As the Russia-Ukraine War rages into 2023, the economic and human cost of the Russian invasion of its neighbor continues to rise. The war began in February 2022, and several months into the conflict an ally of Russian President Vladimir Putin made a startling statement about a potential Russian military strike on a major Western city if NATO was drawn into the war.
US News and World Report

Turkey Alerts Citizens to Risk of Attack in United States, Europe on Heels of Western Warnings

ANKARA (Reuters) - Turkey warned its citizens on Saturday against "possible Islamophobic, xenophobic and racist attacks" in the United States and Europe after its Western allies cautioned their citizens in Turkey about possible terror attacks. In two separate travel advisories, the Turkish foreign ministry recommended its citizens in the United...
The Associated Press

Hellmann’s mayonnaise discontinued in South Africa, not globally

CLAIM: Hellmann’s mayonnaise is discontinuing the product globally due to high inflationary import costs. AP’S ASSESSMENT: False. The popular condiment brand is only discontinuing sales of the mayonnaise in South Africa, according to a spokesperson for the brand. The confusion started when social media users misinterpreted a since-deleted post about the change on Hellmanns’ South Africa Facebook page, which didn’t specify the country.
Reuters

U.S. warns Turkey on exports seen to boost Russia's war effort

ISTANBUL, Feb 4 (Reuters) - The United States warned Turkey in recent days about the export to Russia of chemicals, microchips and other products that can be used in Moscow's war effort in Ukraine, and it could move to punish Turkish companies or banks contravening sanctions.
The Associated Press

Indian tycoon Adani hit by more losses, calls for probe

NEW DELHI (AP) — Shares in troubled Adani Enterprises gyrated Friday, tumbling 30% and then rebounding after more than a week of heavy losses that have cost it tens of billions of dollars in market value. The company, the flagship of India’s second-largest conglomerate, canceled a share offering meant...
Motley Fool

2 Cybersecurity Stocks to Buy in 2023 Besides Microsoft

Microsoft's cybersecurity revenue is soaring, but overall growth has been sluggish. Palo Alto Networks and Fortinet are the two largest cybersecurity pure-play stocks. Both are much smaller companies and are still growing at a brisk pace. You’re reading a free article with opinions that may differ from The Motley Fool’s...
Reuters

Reuters

690K+
Followers
378K+
Post
329M+
Views
ABOUT

Reuters provides award-winning coverage of the day's most important topics, including breaking news, business, finance, politics, sports, and entertainment.

Comments / 0

Community Policy