A suspected ransomware attack on a key supplier of trading software to the City of London this week appears to have disrupted activity in the derivatives market.
Ion Cleared Derivatives released a brief statement on Tuesday saying that it experienced a “cybersecurity event” that day which affected some of its services.
“The incident is contained to a specific environment, all the affected servers are disconnected and remediation of services is ongoing. Further updates will be posted when available,” it added.
Reports suggest 42 clients have been impacted by the attack on the provider, whose software plays a key role in derivatives trading around the world. It has been linked to the prolific Lockbit group which recently caused major disruption to the Royal Mail.
Trade body the Futures Industry Association (FIA) said in a statement on Wednesday that it was aware of “network issues” caused by a cyber-incident at Ion that had impacted trading and clearing of exchange traded derivatives worldwide.
“We are working with impacted members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing and clearing,” it said.
“FIA is coordinating communication and information sharing, through regular calls with relevant parties assessing the firms impacted, how firms can work together to mitigate the disruption and seeking clarity over concerns about affected regulatory obligations and reporting.”
Tim West, head of cyber-threat intelligence at WithSecure, said supply chain attacks like this can have major repercussions for critical sectors such as finance.
“The financial system has a terrible number of interdependencies, and a major incident at a single big enough institution can amplify and result in a pretty impactful butterfly effect across the sector,” he argued.
“Confidence in the financial system is extremely important and, in an environment where time is so critical that entire technology divisions exist to shave microseconds off operations, interruption to expected services through a ransomware event can have a significant knock-on impact over and above that of the service impacted by the malware itself.”