LockBit allegedly behind attack on City of London infrastructure

A suspected LockBit attack on a key software supplier Ion has caused severe disruption for trading in the City of London.

A threat group with Russian links is alleged to be behind the attack that caused chaos for London traders, who rely on Ion’s critical software for the trading of shares, debt, and derivatives. The attack took place on January 31, 2023.

According to Telegraph, 42 of Ion’s clients were affected, being forced to use pen and paper instead. The incident is especially disruptive since many traders are currently preparing end-of-month reports. Others had to process trades manually.

Additional reports suggest that certain clients were not able to reach out to Ion by phone and had to make a trip to the provider’s office.

“The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing,” Ion announced on its website.

The Futures Industry Association (FIA) announced that it’s investigating the impact of the incident on trading, processing, and clearing.

Recently, LockBit took responsibility for the Royal Mail ransomware attack, which caused disruption to the international export services of the British multinational postal service company. There is, however, no confirmation that LockBit was indeed behind the attack on Ion as of now.

Neil Jones, Director of Cybersecurity Evangelism at Egnyte, notes the following concerning trends he’s observed following recent cyberattacks:

  • Cyberattacks on organizations that engage in just-in-time business processing, such as trading platforms and shipping companies, because they are much more likely to make ransom payments to keep their businesses operational.
  • A transition to harder-to-track cryptocurrencies after ransom payments made by more traditional cryptocurrencies have been recovered by government entities.
  • More frequent and improved communication between companies that are impacted by data breaches and their customer base.

“Although the origin of this week’s cyber incident is still being analyzed, the impact on ION Market’s customer service has already been significant. And, even though there's no current evidence that business data or Personally Identifiable Information (PII) was compromised, it is not uncommon for attackers to wait for just the right moment to post breached data to the Web,” he added.