Suspected LockBit ransomware attack causes havoc in City of London
A ransomware attack on buying and selling software program provider Ion Group – doubtlessly the work of the notorious LockBit cartel – has triggered chaos for City of London merchants, leaving them unable to carry out key duties.
Ion is a important element of the UK’s monetary system, with its software program taking part in an important position in the buying and selling of debt, derivatives and shares world wide.
According to the Telegraph, the incident has affected greater than 40 purchasers, with some pressured to resort to pen and paper to course of their trades.
The incident has triggered extra stress coming on the finish of the primary calendar month of the yr, when many merchants would have been busy placing collectively end-of-month studies.
In a quick assertion, Ion confirmed {that a} cyber attack had taken place, however provided no additional particulars.
A spokesperson mentioned: “Ion Cleared Derivatives, a division of Ion Markets, skilled a cyber safety occasion commencing on 31 January 2023 that has affected some of its providers.
“The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing. Further updates will be posted when available.”
At the time of writing, the involvement of LockBit has not been formally confirmed, merely alleged. There are additionally recommendations that the incident might have begun via the exploitation of vulnerabilities in VMware servers, once more unconfirmed.
Rebecca Moody, head of information analysis at Comparitech, commented: “At the second, there are two key considerations right here. Firstly, is the affect the downtime may have throughout a mess of organisations world wide. As we’ve seen with the current Royal Mail attack, disruptions are nonetheless ongoing over two weeks later.
“Secondly, is the high risk of sensitive data being leaked by the hackers. While ransomware attacks used to focus on encryption tactics, the majority are now stealing data as well. Ion Group has said the attack is ‘contained to a specific environment’, so we will have to hope they are able to minimise the impact of the attack and that no key data has been stolen.”
According to evaluation of incident information collated by the UK Information Commissioner’s Office (ICO) and analysed by CybSafe, the monetary providers and insurance coverage sector accounted for 12% of whole cyber assaults in the 2021-22 monetary yr.
“More notably,” mentioned CybSafe founder and CEO Oz Alashe, “the number of ransomware attacks has increased by 12% to represent 35% of all cyber attacks within the sector. The frequency of these attacks is, unfortunately, a trend likely to continue in 2023.”
Ransomware resurgence
Indeed, after one thing of a slowdown in direction of the top of 2022, ransomware assaults now look like on the up once more early in 2023, a pattern that isn’t in and of itself out of the atypical, as operators are well-known to take frequent breaks to regroup, retool, and even go on vacation.
LockBit itself has remained a extremely prolific actor, accounting for a major proportion of all disclosed ransomware incidents in provider reporting metrics. It is at the moment suspected of being behind the January 2023 attack on Royal Mail, an incident that’s nonetheless ongoing.
