A cyberattack that forced the Ion Group to shut down a key futures trading service on January 31 is taking several days to resolve, leaving dozens of dealers relying on workarounds to execute and process client trades. The hackers who have claimed responsibility for the ransomware attack say a ransom has been paid.
ION has declined to confirm any details of the attack. Still, it has at least confirmed with a brief press release that “ION Cleared Derivatives, a division of ION Markets, experienced a cybersecurity event.”
The press release was public on January 31, but to date, there have been no updates.
The Lockbit ransomware group confirmed to Reuters in an online chat that a “very rich philanthropist” had paid the ransom, but declined to give any further clarification or context.
The Federal Bureau of Investigation and Britain’s National Cyber Security Agency, part of the GCHQ, have each declined to comment.
The cyberattack caused a disruption in trading for multiple ION clients, including ABN Amro Clearing and Intesa Sanpaolo, Italy’s largest bank, according to Reuters.
Likely after the ransom was paid, Reuters reported that the ION Group’s name had been taken down off of the Lockbit extortion website.
But, it’s also possible that the ransomware gang got cold feet and didn’t pursue the full extortion for money, according to ransomware expert Brett Callow of cybersecurity firm Emsisoft.
Ransomware continues to dominate cybersecurity headlines on a daily basis, with schools, governments, and organizations globally suffering attacks.
