Ion Group, a financial software company, fights the LockBit ransomware attack

A ransomware attack on Dublin-based software company Ion Group has forced several European and American banks to revert to manual procedures. Ion Group helps financial institutions automate critical business processes.

Ion’s Cleared Derivatives division, which provides software for automating the trading lifecycle and the derivatives clearing process, was impacted by the cyberattack, which learned about on Tuesday. Derivatives are financial products that derive value from a relationship to another underlying asset, in contrast to physical assets. Currency, stocks, bonds, and commodities are all common derivatives.

In a brief statement, Ion stated that on Tuesday it “experienced a cybersecurity event” that affected some of its services. All of the affected servers have been disconnected, the incident is restricted to a specific environment, and service remediation is ongoing.

Suezelle D’Costa, a spokesperson for Ion, declined to provide any additional information regarding the incident’s nature or the method by which the organization was compromised. Bloomberg, however, was able to obtain a memo from Ion that confirms that the attack was carried out by the Russian-linked LockBit ransomware gang. Last month, the LockBit ransomware gang targeted Royal Mail, the largest postal service in the United Kingdom, which necessitated the mail service suspending international deliveries.

According to a dark website maintained by the ransomware gang and LockBit has claimed responsibility for the attack and is threatening to leak data stolen from the company on February 4 if they don’t fulfil their demands. How much data was stolen and what kinds of data were stolen are still unknown. D’Costa, an Ion spokesperson, declined to comment.

According to Bloomberg, the incident had an impact on at least 42 of Ion’s clients and forced several European and American financial institutions to manually process derivative trades. According to a source familiar with the incident and speaking, as a result of the ransomware attack, numerous commercial banks worldwide are experiencing difficulties, such as the inability to obtain quotes.

The incident is “impacting the trading and clearing of exchange-traded derivatives by Ion customers across global markets,” according to a statement released by the Futures Industry Association, a U.S. industry advocacy group.

The FIA went on to say that it is collaborating with affected members to determine the full scope of the impact.

The risk to U.S. financial markets was downplayed by the U.S. Treasury, which stated that it is monitoring the situation.

Treasury senior cybersecurity official Todd Conklin said in a statement that the Treasury is aware of the ransomware attack, but that it only affects a small number of smaller and mid-sized businesses.

Conklin stated, “The issue does not pose a systemic risk to the financial sector.” We will keep you informed of any changes to this assessment and keep in touch with important partners in the financial sector.

According to emails seen by Bloomberg, Ion informed clients on Thursday that its systems won’t be fully operational until February 6.