ION Group ransomware attack affects trading across the world

A recent ransomware attack against ION Group has sent ripples throughout the finance industry and trading world, being so disruptive that the FIA global trading organization released a statement saying it jumped in to help affected members.

ION Group is a UK-based software company that develops solutions for banks and other financial institutions, with its products used for trading, investing, financial management, and analysis. 

In late January 2022, it released a short statement saying one of its departments, ION Cleared Derivatives, was hit with a cyberattack.

Leaking sensitive data

“ION Cleared Derivatives, a division of ION Markets, experienced a cybersecurity event commencing on 31 January 2023 that has affected some of its services,” ION Group said. “The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing. Further updates will be posted when available.”

But the containment could not prevent wider consequences. According to BleepingComputer, large customers using ION Group’s services in both the US and Europe had to switch to manual trade processing, which caused major delays.

“We are working with impacted members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing, and clearing,” FIA said. 

“FIA is coordinating communication and information sharing, through regular calls with relevant parties assessing the firms impacted, how firms can work together to mitigate the disruption and seeking clarity over concerns about affected regulatory obligations and reporting.”

The threat actors behind the attack used the LockBit ransomware, it was confirmed, as the data stolen in the incident was posted to the group’s leak site. Unless ION Group pays up, the data will be released on February 4. Whether ION Group pays or not remains to be seen, but it’s safe to assume that the crooks obtained sensitive information on large investors, which could result in major damages. 

Via: BleepingComputer