Ransomware Attack on Trading Technology Provider

A ransomware attack has targeted a financial data firm and has sent the City of London into a tailspin.

The financial data firm ION Trading UK was hit by the threat actor on Tuesday and left brokers unable to process derivatives trades.

The self-spreading, automated ransomware works by gaining access to a system and then encrypting it so it cannot be used, or its information cannot be accessed. A ransom demand is then issued, often accompanied by the threat of making confidential information public if it is not paid.

The parent company, ION Group, issued a statement on its website “the incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing.”

The attack on ION had a wider impact on market participants and sources said brokers had to resort to outdated methods of recording trades, including entering them manually in spreadsheets during the ION outage.

Hacking group Lockbit claimed responsibility for the attack and said that a ransom had been paid, but declined to say how much it was, nor did they offer evidence that the money had been handed over. ION declined to comment on Lockbit's statement.

The UK authorities do not advocate cyber-attack ransoms being paid and may even respond with financial penalties for firms that hand over money to threat actors.

Contact Romano Security Consulting today and let us help to put you on the right track to secure your network.