City Of London Traders Hit By Russia-Linked Cyberattack

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Feb 02, 2023 02:02 am PST

Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. A top official in the US Treasury Department said on Wednesday that the hack on a UK-based software company that disrupted some futures trading doesn’t pose a “systemic danger to the financial sector.” 42 of ION Trading UK’s clients were impacted by the incident, which was first made public on Tuesday. Numerous European and American banks and brokers were forced to process trades manually. 

According to afflicted brokers, the outage is hurting critical procedures like the computation of margin calls and regulatory reporting on significant market holdings. The company’s software performs derivatives trades across stock, bond, and commodities markets. A corporate spokesperson confirmed letters from ION obtained by Bloomberg, the contents of which the attack was carried out by the Russian ransomware group LockBit.

According to Todd Conklin, the problem is “at the moment limited to a few smaller and mid-size enterprises and does not pose a systemic risk to the financial sector,” according to the Office of Cybersecurity and Critical Infrastructure Protection of the Treasury’s deputy assistant secretary.

He continued, “We remain in contact with important partners in the financial sector, and we will advise of any modifications to our assessment. A third-party software provider reported problems, according to CME Group, Intercontinental Exchange, and Cboe Global Markets Inc. are exchange operators. on Wednesday. The firm warned that those problems might impact the timeframe of issuing exchange reports by the end of the day.

In a message to members, CME stated that “any impact on clearing members may alter the contents and timeliness of the release of exchange data, including open interest.”

ION Crisis Current Effect On The Market

The ION crisis is still having an effect on the market as of Wednesday, according to StoneX Financial Ltd., a clearing and execution service provider. According to the company, “other procedures are being taken to clear trading activity, with priority being given to expiring contracts.”

Additionally impacted was access to books and records, and StoneX claimed it was unable to conduct due diligence on payment and transfer requests, leading to processing delays. A StoneX spokesman declined to comment. “We cannot guarantee that these requests will be handled until the issue is repaired.”

The cutoff time for members to undertake position maintenance has been extended by two hours, according to the ICE Futures Europe exchange, until further notice.

More rapid and automated software As trading on international exchanges has become faster and more automated, companies like ION have prospered, but in the process, they have grown to be an increasingly important component of the plumbing in contemporary financial markets.

Due to issues matching off trades routed via ION, competing trade-processing systems have also been impacted. As a workaround, specific trades are being handled manually, according to the brokers. On Tuesday and Wednesday, the Futures Industry Association called market participants on a number of occasions to address the occurrence.

The Dutch lender ABN Amro Bank NV’s US clearing unit informed its clients in a message seen by Bloomberg on Tuesday that the disruption would cause its overnight processing to be delayed and that on Wednesday, it would continue to run manually. According to a bank representative, the letter was issued to customers on Wednesday as a precaution. However, the company was able to continue operating generally after putting in place a backup system.

The US Commodity Futures Trading Commission is aware of the situation involving ION, according to spokesman Steve Adamske, and is “working closely with impacted parties, regulators, and other market players to ensure orderly resolution.”

One of the most well-known ransomware groups in the world, Lockbit, utilizes malicious software to encrypt data on its victims’ computers, rendering them unusable. The group then demands money in exchange for the files’ unlocking. According to the US Justice Department, the organization has been active since at least January 2020 and has hacked up to 1,000 people in the US and other countries while demanding at least $100 million in ransom.


Following an attack on a firm that is crucial to the British financial system by a ransomware group with Russian ties, trading in the City of London has fallen into disarray. ION Group, a provider of trading software, was the subject of a cyberattack on Tuesday by Lockbit, the same organization that attacked Royal Mail a month earlier. The London-based corporation is essential to the infrastructure supporting derivatives, debt, and equity trading in Square Mile and globally. ION, which is experiencing downtime in its cleared derivatives section, reported that the hack impacted 42 clients. A senior City banker called the assault a “serious incident” that, if it intensified, “would wipe out most of the City.” It is believed that some customers could not reach Ion by phone on Tuesday, causing some to personally visit the business’s headquarters in St. Paul to get information about the attack.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jonathan Wood
InfoSec Expert
February 2, 2023 4:06 pm

LockBit often targets insiders as a way of hacking systems. While we don’t know yet if this is the case for the attack on Ion Group, which caused the disruption to the City of London, we know the hacking group’s attack on Accenture in 2021 was thought to have been enabled by an insider. This could be anything from entering the supply chain through a network/API or even paying a disgruntled employee.
I’d advise organisations to work with their supply chain to secure endpoints and entry points, deliver cyber security training for their people, and ensure that technical measures are in place to detect and mitigate attacks. It’s also important to ensure there is resilience planning in place for critical infrastructure and data, and that any backups of software are not susceptible to compromise during a ransomware attack.

Last edited 7 months ago by Jonathan.Wood
Timothy West
Timothy West , Head of Threat Intelligence
InfoSec Expert
February 2, 2023 11:46 am

The Financial system has a terrible number of interdependencies, and a major incident at a single big enough institution can amplify and result in a pretty impactful butterfly effect across the sector. Confidence in the financial system is extremely important and, in an environment where time is so critical that entire technology divisions exist to shave microseconds off operations, interruption to expected services through a ransomware event can have a significant knock-on impact over and above that of the service impacted by the malware itself.

Last edited 7 months ago by Timothy West

Recent Posts

Would love your thoughts, please comment.x