ION yet to fix cyber security issue, after Lockbit attack

ION Trading UK may take several days to fix the cyber security issue, leaving brokers unable to process derivatives trades, Reuters news report said.
VC funding for tech
ION Group, the financial data firm’s parent company, said in a statement on its website that the cyber attack began on Tuesday.

“The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing,” ION Group said.

“We’re aware of this ongoing incident and we will continue to work with our counterparts and the firms affected,” Britain’s Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) said on Thursday.

ION clients such as ABN Amro Clearing and Intesa Sanpaolo, Italy’s biggest bank, have faced issues in their operations.

The Futures Industry Association (FIA) said issues at ION had affected the trading and clearing of exchange-traded financial derivatives, although there had been no reports of margin problems in financial markets, Bloomberg news report said.

ABN told clients that due to “technical disruption” from ION, some applications were unavailable and were expected to remain so for a number of days. It added that its staff had to process trades directly with the exchange.

ABN told Reuters that it is not currently seeing any relevant disruptions.

“ABN AMRO Clearing has taken appropriate action to keep its operations safe, including informing its clients beforehand on what might happen,” it said in an e-mailed statement.

Intesa Sanpaolo told clients that its brokerage and clearing operations on exchange-traded derivatives had been “severely hampered” by IT problems at ION and that it was not able to handle orders.

The bank told Reuters it was waiting for ION to indicate when it could can restart normal and safe operations. It said the ransomware attack targeting the trading services company had not impacted its own systems.

The attack put brokers that process complex over-the-counter trades involving products such as options in a difficult situation and the problem could take another five days to fix.

The U.S. Commodity Futures Trading Commission said its weekly Commitments of Traders report will be delayed because of the attack until all trades can be reported.

It also said certain reporting firms do not have enough information to fully prepare the daily large trader reports. CFTC reports provide a snapshot of investor positioning on various assets.

Lockbit said it would publish stolen data on Feb. 4 if ION Group failed to pay a ransom, a screenshot of the group’s blog on the dark web on darkfeed.io, a website which tracks ransomware groups, showed.

Lockbit ransomware has been detected all over the world, with organisations in the United States, India and Brazil among the common targets, cybersecurity firm Trend Micro said.