A suspected Russian based ransomware attack on a Dublin technology company that helps underpin the financial markets has served as a warning about increased targeting of supply chains by cyber criminals.

The cyberattack on the cleared derivatives unit of ION Trading Technologies Ltd. meant financial institutions had to confirm trades manually as the ION systems had to be taken off line. ION builds software that automates the matching of both sides of a trade and clearing the transaction and the incident affected 42 clients in Europe and the United States.

The United States Federal Bureau of Investigation (FBI) is working with the United Kingdom's regulators to investigate the incident and learn more about what happened to the company.

Reports say the group behind this attack was the Russia-based Ransomware as a service (RaaS) organization LockBit which led the access. LockBit claimed a ransom was paid, without disclosing the amount or who paid the bill.

Earlier this year the LockBit attacked Royal Mail and the Housing Authority of the City of Los Angeles (HACLA).

ION said the attack had been “contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing”. In 2022, volume in exchange traded derivatives reached 83.9bn contracts, according to the Futures Industry Association.

As a result of the attack on January 31, month-end data reporting for some ION clients was made complicated.

Sumeet Chabria, chief executive of consulting firm ThoughtLinks Group, told the Wall Street Journal this incident showed how important it is for financial companies to regularly reassess their cybersecurity systems and disaster planning.

He said: “It is a stark reminder of vulnerabilities in supply chains and third-party resilience. You are as good as your weakest link.”

After ION disconnected its servers, the largest trading firms, which are required to submit daily activity reports, were told to make their best estimates and revise them later. The ION incident is a tale of modern times as in past years bank employees would have checked transactions.

Businesses wanting to avoid the risks to their balance sheet and reputation, should contact a specialist Cyber Insurance Broker to procure a Specialist Broad Form Cyber Insurance Policy. We highly encourage these to avoid ambiguity over coverage and secure protection and relevant cover, as well as pre event cyber risk management together with claims management support.

Cyber is one class of insurance which W Denis arranges for Financial Institutions, along with other Civil Professional liability and Directors & Officers Liability. Contact Vida Jarašiūnaitė Vida.Jarasiunaite@wdenis.eu or Mark Dutton mark.dutton@wdenis.com for more information.