(Reuters) — A ransomware attack that hit ION Trading UK could take days to fix, leaving scores of brokers unable to process derivatives trades, sources familiar with the matter told Reuters.
ION Group, the financial data company’s parent company, said in a statement on its website that the attack began on Tuesday.
“The incident is contained within a specific environment, all affected servers are offline and service remediation is ongoing,” ION Group said, declining requests for further comment.
Britain’s Financial Conduct Authority and Prudential Regulation Authority said on Thursday, “We are aware of this ongoing incident and we will continue to work with our counterparts and the companies concerned.”;
Among the many ION clients whose operations were likely to be affected were ABN Amro Clearing and Intesa Sanpaolo, Italy’s largest bank.
The Futures Industry Association said issues at ION had affected the trading and clearing of exchange-traded financial derivatives, although there had been no reports of margin problems in financial markets.
ABN on Wednesday told customers that due to “technical disruptions” by ION, some applications were unavailable and expected to remain so for a “number of days”.
A source familiar with the matter said the attack put brokers who process complex over-the-counter trades involving products such as options in a difficult position and that the problem could take another five days to fix.
Lockbit said it would publish the stolen data on February 4 if ION Group failed to pay a ransom, a screenshot of the group’s dark web blog on darkfeed.io, a website that tracks ransomware groups, showed.
Lockbit ransomware has been detected in many countries, with organizations in the US, India and Brazil among the common targets, cybersecurity firm Trend Micro said.