Ion Group, a Dublin-based software firm that assists banks to automatize their crucial business processes, was victimized by a ransomware virus that forced a number of European as well as U.S. banks to revert to manual procedures.
The attack, which TechCrunch was informed of on Tuesday was a threat to Ion’s Cleared Derivatives division, which is a software provider that automates trading lifecycles and the clearing process for derivatives. In contrast to physical assets derivatives are financial instruments that are valued by their relationship with another asset. The most common types of derivatives are bonds, currencies, stocks, and commodities.
Ion stated in a brief declaration that the company “experienced an event in cybersecurity” on Tuesday, which affected its services in a few ways. “The incident is restricted to a particular environment that is affecting all servers affected. All affected servers are down and remediation of the affected services continues.”
Ion spokesperson Suezelle D’Costa declined to share additional details, including details of what caused the attack and how the company was compromised. A memo from Ion that was obtained by Bloomberg confirms the attack to be an operation by the Russia-linked LockBit ransomware gang that earlier this month struck U.K. mail huge Royal Mail, forcing the postal service to stop all international delivery.
LockBit took as the perpetrator of the attack and has threatened to leak the information stolen from the company on February 4, unless an agreed-upon ransom is paid in accordance with the ransomware gang’s dark internet website and as seen by TechCrunch. It’s unclear the amount or type of data that was stolen. Ion spokesperson D’Costa did not respond to requests for comment.
The impact of this incident is not yet clear, however, Bloomberg says that it impacted at least 42 clients of Ion and forced a number of European as well as U.S. financial institutions to manage certain derivative trades in a manual manner. An individual who has knowledge of the incident has told TechCrunch that a lot of commercial banks around the world are having difficulties, like being unable to obtain estimates, as a result of the attack by ransomware.
The Futures Industry Association, a U.S.-based advocacy group representing the industry for the options, futures, and cleared derivatives markets, stated in an announcement that the incident has “impacted the clearing and trading of derivatives traded on the exchange by Ion customers on the globe.”
The FIA stated that they are working closely with affected members to evaluate the extent of the damage.
In the meantime, the U.S. Treasury said it’s watching the situation closely and downplayed the threat of the situation to U.S. financial markets.
In a statement in a statement to TechCrunch, Treasury senior cybersecurity official Todd Conklin said the Treasury is aware of the ransomware hack, however, the issue is limited to a small handful of smaller and mid-sized businesses.
“The problem isn’t any threat to the financial sector,” said Conklin. “We remain in contact with our the key financial sector partners and will inform them on any changes to the assessment.”
Ion advised customers on Thursday its systems wouldn’t be fully operational until the 6th of February in accordance with email correspondence discovered by Bloomberg.