Hackers who breached ION claim to have paid the ransom; company declined to comment. By Reuters
© Reuters. FILE PHOTO: A man types on a computer keyboard in front of the network code shown in this illustration taken March 1, 2017.REUTERS/Kacper Pempel/Illustration/File Photo
By Raphael Satter
WASHINGTON (Reuters) – Hackers who have claimed responsibility for a disruptive breach at financial data firm ION say a ransom has been paid, though they declined to say how much it was. or produce any proof that the funds have been transferred.
ION Group declined to comment on the statement. Lockbit announced the request to Reuters via its live chat account on Friday but declined to clarify who paid the money – saying the money came from a “very wealthy anonymous philanthropist”. “.
A Lockbit representative said there was “no way” it would provide further details.
The FBI did not immediately respond to a request for comment. Britain’s National Cyber Security Service, part of Britain’s spy agency GCHQ, told Reuters it had no comment.
The ransomware outbreak that broke out at ION on Tuesday disrupted trading and clearing of financial derivatives traded on the exchange, causing problems for many brokers, sources said. People familiar with the matter told Reuters this week.
Among the many ION customers whose operations are potentially affected are ABN Amro Clearing and Intesa Sanpaolo (OTC:), Italy’s largest bank, according to messages sent to customers from both banks that Reuters has obtained. see.
ABN told customers on Wednesday that due to “technical issues” from ION, some apps are unavailable and are expected to continue to do so for “several days”.
It is unclear whether paying the ransom will necessarily speed up the cleanup effort. Ransomware works by encrypting important company data and extorting money from victims in exchange for decryption keys. But even if the hacker hands over the keys, it can still take days, weeks, or longer to repair the damage to a company’s digital infrastructure.
There have been indications that Lockbit has reached some sort of agreement over ION’s data. The company’s name had been removed the previous Friday from Lockbit’s extortion website, where victim companies were named and shamed in an attempt to force payouts. Experts say that is usually a sign that a ransom has been delivered.
“When a victim is delisted, it usually means that the victim has agreed to enter into negotiations or that they have already paid,” said ransomware expert Brett Callow of New Zealand-based cybersecurity firm Emsisoft. money”.
Callow said it’s possible that there is some other explanation for Lockbit’s public backtracking.
“It could mean that the ransomware gang has turned cold or decided not to conduct the extortion for other reasons,” he said.
Ransomware has emerged as one of the most costly and disruptive scourges on the internet. As of the end of Friday, Lockbit’s extortion website alone counted 54 victims who were being taken down, including a television station in California, a school in Brooklyn and a city in Michigan.