Days after ION Group suffered a ransomware attack that slowed down its systems, the financial trading service provider is preparing to bring back the clients online, reported Reuters.
The attack hit ION Group’s Cleared Derivatives division on 31 January, interrupting the services of several prominent banks, hedge funds, and brokerages. LockBit ransomware gang later claimed the hit, saying that the data has been taken off their servers following the ransom payment.
The spillover effect, resulting in the shutdown of a segment of the financial services industry, prompted responses from industry bodies including the Futures Industry Association (FIA) and the Commodity Futures Trading Commission (CFTC) in the US.
ION, ransomware attack, and market reaction
According to Emma Davey, Chief Commercial Officer of Future Industry Association (FIA), the ION ransomware attack is being mostly mitigated through calls with relevant parties assessing the impacted firms.
“We are working with impacted members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing, and clearing,” Emma told The Cyber Express via email.
She further stated that certain ION Group systems were impacted, interrupting the trading and clearing of exchange-traded derivatives by their global market customers.
Systems were fed manually through spreadsheets in the wake of the ION ransomware attack. According to a Financial Times report, the volume in exchange-traded derivatives was almost 83.9 billion contracts based on FIA data. ION services are used for several processes, including trade matching by the London Metal Exchange.
“FIA is coordinating communication and information sharing, through regular calls with relevant parties assessing the firms impacted, how firms can work together to mitigate the disruption and seeking clarity over concerns about affected regulatory obligations and reporting,” said a statement from the organisation.
ION’s ransomware attack mitigation
FIA has also been working to clear regulatory and reporting obligations on their part. Emma confirmed that the ransomware had been successfully removed, and the restoration of connectivity was underway.
Although the requirement for clearing extensions has been nearly diminished, and businesses are reporting as usual, FIA has been in a continuous dialogue with the impacted firms, exchanges, and clearing houses. Moreover, exchanges or CCPs are in the process of offering grant-clearing extensions to impacted firms to assist them in meeting the clearing and reporting deadline, Emma concluded.
Speaking about the size of the ION ransomware attack, Todd Conklin, Treasury Deputy Assistant Secretary, stated that the incident may pertain to a small number of midsize firms and does not seem to have impacted the financial sector in systemic risk, reported Bloomberg.
The CFTC acknowledged then that the issue has affected some of its clearing members’ ability to provide the organisation with “timely and accurate data”.
“As this incident unfolded, it became clear that the submission of data that is required by registrants will be delayed until the trading issues are resolved. As a result, the weekly Commitments of Traders report that is produced by CFTC staff will be delayed until all trades can be reported,” said the statement.
The CFTC found that many reporting firms were not be able to prepare their daily large trader reports as required, and asked them to work with the association to ensure timely compliance.