The Lockbit ransomware gang has claimed responsibility for attacking financial technology firm Ion. The cybercrime group added the company to their list of victims on their Darkweb site and is threatening to publish all stolen data by February 4 unless a ransom is paid.
Ion’s Cleared Derivatives division was attacked on January 31 forcing US and European banks and brokers to process some derivative trades manually. According to the company’s statement, the incident is “contained to a specific environment and all the affected servers are disconnected, and remediation of services is ongoing”. More updates will be posted when available.
While Ion itself hasn’t revealed much about the attack, according to Reuters, the attack affected as many as 42 Ion customers were affected by the attack, including ABN Amro Clearing and Intesa Sanpaolo, Italy’s biggest bank.
Meanwhile, American and British authorities are continuing to investigate the incident. Britain’s Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) are working with affected firms. Bloomberg reports that the FBI has also been in touch with Ion executives regarding the attack.
According to email correspondence seen by Bloomberg, Ion told clients that its systems won’t be fully functional until February 5. The firm is still working on starting critical recovery steps as well.
The Futures Industry Association (FIA) has also jumped in and is working with its member organisations to assess the impact on trading, processing and clearing. Its member organisations include clearing firms and exchanges in addition to market regulators among other bodies.
Lockbit is also suspected to have carried out the recent cyberattack on the British Royal Mail, although the organisation hasn’t yet been added to the gang’s victim list. While it has claimed that one of its affiliates compromised the British postal service, the organisation is yet to be officially claimed a victim.