LockBit Takes Responsibility for the Ransomware Attack on ION Group

Highlights: 

• ION didn’t reveal the form of attack, but it has been added to the victims’ list on LockBit’s leak site.
• ION’s notable customers, such as Intesa Sanpaolo s.P.A. and ABN Amro Bank N.V. may be affected by the data leakage.

The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Trading UK Ltd., a UK-based financial services company, that has forced derivatives traders to fall back on manually processing trades.

The firm revealed the incident in a short statement saying that it affected some of the services in the ION Cleared Derivatives division. As per ION, the incident is contained in a specific environment. So, the affected servers disconnected, and the remediation process of services has been underway.

According to the international news agency, Reuters, the broker’s score has become incapable of processing derivatives trades due to the attack, with attempts possibly taking days to remediate the incident completely.

ION didn’t reveal the form of attack, but LockBit ransomware has owned up for the attack on its dark web leak site. There is not any information available on listing how LockBit gained access to ION’s network. But, the ransomware gang is threatening to expose sensitive data publicly on Feb 4 if demands aren’t completed.

LockBit does not clear what its demands are, but has given its regular modus operandi. The possible demand will be a ransom payment from ION in exchange for the decryption key, and a promise not to disclose the stolen data. According to a leading media house, if LockBit did indeed steal data from ION, exposing it will affect many investors badly, with numerous organizational and monetary damages.

ION’s notable customers from Europe and U.S. may be affected by data leakage. It includes Intesa Sanpaolo s.P.A. and ABN Amro Bank N.V.

Investigating authorities on both sides of the Atlantic are operating investigations, including the Prudential Regulation Authority, U.S. Federal Bureau of Investigation, and U.K. Financial Conduct Authority.

Javvad Malik, a security awareness advocate at security awareness training company knowBe4 Inc., said, “This is a reminder not only of third-party and supply chain risks but also that large, well-known organizations that invest heavily in cyber security. It’s why conducting thorough risk assessments is important in order to identify what business processes are important so that the appropriate controls and resilience can be built into the system.”

At the beginning of January, LockBit was strangely apologizing for a ransomware attack on a children’s hospital. On Jan 12, LockBit again flashed in the news after attacking Royal Mail Group Ltd. The LockBit attack caused serious disruption to Royal Mail, as it disrupted Royal Mail’s computer systems to process overseas deliveries.