Finance & Banking , Fraud Management & Cybercrime , Industry Specific

Ransomware Hit on ION Group Delays EU Derivatives Trades

Reports Say Russian LockBit Group Carried Out Attack on Trading Software Firm
Ransomware Hit on ION Group Delays EU Derivatives Trades
Image: Shutterstock

Update Feb. 2, 2023 18:05 UTC: The LockBit ransomware-as-a-service group added ION Group to its data leak site, stating that it will publish "all available data" on the morning of Feb. 4 unless it receives an extortion payment.

See Also: Securing Healthcare Against Ransomware Post-COVID-19

Attackers this week locked up the business of London-based ION Cleared Derivatives, a software firm that supports derivatives trading, forcing major European banks to process trades manually and prompting a major futures exchange to delay the settlement of trades for two hours.

ION Cleared Derivatives is part of ION Group, which offers software designed to automate the complete trade life cycle and the derivatives clearing process. It said in a statement on its website late Tuesday that a "cybersecurity event" had affected some of its services and that "the incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing."

The attack originated from Russian ransomware gang LockBit, according to a memo from ION obtained by Bloomberg.

The Futures Industry Association on Wednesday said the attack was "impacting the trading and clearing of exchange traded derivatives by ION customers across global markets. We are working with impacted members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing and clearing."

The FIA says in a statement Wednesday that it is coordinating communication and information sharing through regular calls with relevant parties, "assessing the firms impacted, how firms can work together to mitigate the disruption and seeking clarity over concerns about affected regulatory obligations and reporting."

Meanwhile, the ICE Futures Exchange, which handles soft markets in London, announced Wednesday that it has extended the cutoff time for position maintenance from 10 a.m. to noon.

The exchange warned that the extension "will result in delayed publication of open interest and the potential for misstated open interest on the days impacted by the vendor issue."

The settlement of derivatives investments is time-sensitive because buyers contract to sell goods or livestock to a counterparty who agrees to buy those goods or livestock at a specific price on a specific date. Often, derivative investments involve buying options based on the movement of the prices or swaps with other counterparties to hedge potential losses.

ION Cleared Derivatives did not immediately respond to requests from Information Security Media Group for an interview.

LockBit is a prolific ransomware group that has been active since late 2019. The group was recently linked to the attack on Royal Mail, which disrupted international mail service. The group is often considered the winner of the contest to succeed Conti as the world's most recognized digital extortion gang.


About the Author

Cal Harrison

Cal Harrison

Editorial Director, ISMG

Harrison helps ISMG readers gain new perspectives on the latest cybersecurity trends, research and emerging insights. A 30-year veteran writer and editor, he has served as an award-winning print and online journalist, mass communication professor and senior digital content strategist for DXC Technology, where he led thought leadership, case studies and the Threat Intelligence Report for the Fortune 500 firm's global security, cloud and IT infrastructure practices.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ransomware.databreachtoday.com, you agree to our use of cookies.