{"id":21191,"date":"2023-02-08T16:10:35","date_gmt":"2023-02-09T00:10:35","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/02\/08\/news-14923\/"},"modified":"2023-02-08T16:10:35","modified_gmt":"2023-02-09T00:10:35","slug":"news-14923","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/02\/08\/news-14923\/","title":{"rendered":"ION starts bringing customers back online after LockBit ransomware attack"},"content":{"rendered":"<p>ION Group,&nbsp;a financial software firm, is <a href=\"https:\/\/www.reuters.com\/technology\/ion-starts-bring-clients-back-online-after-ransomware-attack-source-2023-02-07\/\" target=\"_blank\">reportedly<\/a> beginning to bring clients back online after being hit by a ransomware attack late last week.<\/p>\n<p>The Russian-linked LockBit ransomware group <a rel=\"noreferrer noopener\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-attack-on-ion-group-impacts-derivatives-trading-market\/\" target=\"_blank\">claimed<\/a>&nbsp;responsibility for <a rel=\"noreferrer noopener\" href=\"https:\/\/www.darkreading.com\/attacks-breaches\/cyberattack-fintech-firm-disrupts-derivatives-trading\" target=\"_blank\">attacking<\/a>&nbsp;a division of ION Group, affecting <a rel=\"noreferrer noopener\" href=\"https:\/\/news.bloomberglaw.com\/securities-law\/cyberattack-on-software-firm-snarls-derivatives-trading\" target=\"_blank\">42<\/a>&nbsp;clients in Europe and the United States. 
The incident forced several banks and brokers to process trades manually.<\/p>\n<p>The subsidiary, ION Cleared Derivatives, which offers software for automating the trading cycle and the clearing process for derivatives, released&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/iongroup.com\/press-release\/markets\/cleared-derivatives-cyber-event\/\" target=\"_blank\">a very short statement<\/a>&nbsp;regarding the &#8220;cybersecurity event&#8221; on Tuesday.<\/p>\n<blockquote>\n<p>The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing. Further updates will be posted when available.<\/p>\n<\/blockquote>\n<p>In a statement last week, Deputy Assistant Secretary of the Treasury&#8217;s Office of Cybersecurity and Critical Infrastructure Protection Todd Conklin was&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/uk.news.yahoo.com\/cyberattack-software-firm-ion-snarls-160936184.html\" target=\"_blank\">quoted<\/a>&nbsp;saying the disruption to Cleared Derivatives&#8217; platform does not pose a &#8220;systemic risk to the financial sector&#8221;, adding that the incident is isolated to a small number of smaller and mid-size firms. 
&#8220;We remain connected with key financial sector partners, and will advise of any changes to this assessment,&#8221; he further said.<\/p>\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/easset_upload_file88213_257447_e.jpg\" alt=\"\" width=\"651\" height=\"553\" style=\"display: block; margin-left: auto; margin-right: auto;\" \/><br \/>The ION Group leak site post (Source: Malwarebytes)<\/p>\n<p>On Friday, February 4, the ransomware group <a href=\"https:\/\/www.reuters.com\/technology\/hackers-say-ransom-paid-case-derivatives-data-firm-ion-company-declines-comment-2023-02-03\/\" target=\"_blank\">claimed<\/a>&nbsp;the ransom had been paid, with&nbsp;Reuters <a href=\"https:\/\/www.reuters.com\/technology\/hackers-say-ransom-paid-case-derivatives-data-firm-ion-company-declines-comment-2023-02-03\/\" target=\"_blank\">quoting the attackers <\/a>as&nbsp;saying the money was paid by a &#8220;very rich unknown philanthropist&#8221;. Both ION&nbsp;and LockBit declined to reveal further details.<\/p>\n<p>In an&nbsp;<a href=\"https:\/\/www.theregister.com\/2023\/02\/03\/ion_ransomware_attack\/\" target=\"_blank\" rel=\"noreferrer noopener\">interview<\/a>&nbsp;with The Register, Tom Kellermann, senior VP of cyber strategy at Contrast said that supply chain attacks like this are becoming common in the financial sector. &#8220;Shared service providers are being increasingly targeted by cybercrime cartels to manifest island hopping,&#8221; he said. 
&#8220;Cyberattacks in the financial sector are no longer merely about conducting a heist but rather to hijack the digital transformation of the victim so as to launch attacks against their customer base.&#8221;<\/p>\n<p>Last month, the LockBit ransomware group attacked&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/cyberattack-halts-royal-mails-overseas-post\">Royal Mail<\/a>&nbsp;during the first week and the&nbsp;<a rel=\"noreferrer noopener\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/01\/la-housing-authority-is-latest-lockbit-ransomware-victim\" target=\"_blank\">Housing Authority of the City of Los Angeles (HACLA)<\/a>&nbsp;just days after.<\/p>\n<p><a href=\"https:\/\/try.malwarebytes.com\/stop-ransomware-guaranteed\/?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2b_cm_ransomware_guaranteed_bofu_166483439687\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2022\/10\/easset_upload_file23110_239551_e.jpg\" alt=\"Stop ransomware\" style=\"display: block; margin-left: auto; margin-right: auto;\" width=\"300\" height=\"300\" \/><\/a><\/p>\n<h2>How to avoid ransomware<\/h2>\n<p>There is no doubt hospitals remain under a bullseye, and attackers can strike at any time. Thankfully, there are ways organizations can&nbsp;help reduce their risk of suffering from a ransomware attack.<\/p>\n<ul>\n<li><strong>Have an incident response (IR) plan.<\/strong>&nbsp;Organizations&nbsp;should accept the fact that a cyberattack is likely to affect them at some point, whether they&rsquo;re the direct victim or part of a supply chain. An IR plan can direct your responders on what to do in the event of a cybersecurity attack. 
This should include restoring from backups, client outreach, and reporting to law enforcement, among others.<\/li>\n<li><strong>Educate your staff.<\/strong>&nbsp;Awareness goes a long way, and everyone in the company has a responsibility to keep the organization&#8217;s network safe.&nbsp;Staff should be taught&nbsp;social engineering tactics and red flags of a system attack, so they can alert the right personnel quickly should an attack occur.<\/li>\n<li><strong>Patch as soon as you can.<\/strong>&nbsp;Many threat actors get into networks by exploiting unpatched vulnerabilities. Have a patching plan in place to ensure that your organization&#8217;s network is protected against the latest and most exploited weaknesses.<\/li>\n<li><strong>Back up your files.<\/strong>&nbsp;Backups have saved a lot of organizations after a ransomware attack&mdash;provided they work. When you make a plan, ensure you also have provisions for backup testing.<\/li>\n<li><strong>Get an EDR solution.<\/strong> <a href=\"https:\/\/try.malwarebytes.com\/stop-ransomware-guaranteed\/\">Malwarebytes Endpoint Detection and Response<\/a>&nbsp;offers built-in ransomware protection,&nbsp;72-hour ransomware&nbsp;rollback, and zero-day ransomware protection. In fact, we guarantee our Endpoint Detection and Response will stop a ransomware infection on your deployed systems, or we&rsquo;ll refund your annual subscription fee. 
<a href=\"https:\/\/try.malwarebytes.com\/stop-ransomware-guaranteed\/\">Try it here<\/a>.<\/li>\n<li><strong>Learn more.<\/strong> If you want to read more about protecting your business from ransomware, take a look at our <a rel=\"noreferrer noopener\" href=\"https:\/\/try.malwarebytes.com\/ransomware-emergency-kit\/\" target=\"_blank\">Ransomware Emergency Kit<\/a>.<\/li>\n<\/ul>\n<p>Stay safe!<\/p>\n<hr \/>\n<p><strong>We don&#8217;t just report on threats&mdash;we remove them<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by <a href=\"https:\/\/www.malwarebytes.com\/for-home\">downloading&nbsp;Malwarebytes today<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/ion-starts-bringing-customers-back-online-after-lockbit-ransomware-attack\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<table cellpadding=\"10\">\n<tr>\n<td valign=\"top\" align=\"left\">\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/news\" rel=\"category tag\">News<\/a><\/p>\n<p>Categories: <a href=\"https:\/\/www.malwarebytes.com\/blog\/category\/ransomware\" rel=\"category tag\">Ransomware<\/a><\/p>\n<p>Tags: LockBit<\/p>\n<p>Tags:  ransomware<\/p>\n<p>Tags:  LockBit ransomware group<\/p>\n<p>Tags:  FBI<\/p>\n<p>Tags:  Todd Conklin<\/p>\n<p>Tags:  Financial Conduct Authority<\/p>\n<p>Tags:  FCA<\/p>\n<p>Tags: Prudential Regulation Authority<\/p>\n<p>Tags:  PRA<\/p>\n<p>Tags:  Tom Kellermann<\/p>\n<p>Tags:  Joseph Schifano<\/p>\n<p>Pernicious ransomware group, LockBit, is making headlines again. 
Less than a month after attacking HACLA, it hit the derivatives trading division of ION Group, a financial software company.<\/p>\n<table width=\"100%\">\n<tr>\n<td align=\"right\">\n<p><b>(<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/ion-starts-bringing-customers-back-online-after-lockbit-ransomware-attack\" title=\"ION starts bringing customers back online after LockBit ransomware attack\">Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2023\/02\/ion-starts-bringing-customers-back-online-after-lockbit-ransomware-attack\">ION starts bringing customers back online after LockBit ransomware attack<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[6627,28557,28556,28561,24616,28554,32,28559,28558,3765,28555,28560],"class_list":["post-21191","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-fbi","tag-fca","tag-financial-conduct-authority","tag-joseph-schifano","tag-lockbit","tag-lockbit-ransomware-group","tag-news","tag-pra","tag-prudential-regulation-authority","tag-ransomware","tag-todd-conklin","tag-tom-kellermann"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"
}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=21191"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/21191\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=21191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=21191"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=21191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}