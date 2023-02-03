WASHINGTON, Feb 3 (Reuters) - The hackers who claimed
responsibility for the disruptive breach at financial data firm
ION say a ransom has been paid, although they declined to say
how much it was or offer any evidence that the money had been
handed over.
ION Group declined to comment on the statement. Lockbit
communicated the claim to Reuters via its online chat account on
Friday but said there was "no way" it would offer details. The
FBI did not immediately reply to a request for comment.
Britain's National Cyber Security Agency (NCSC), part of
Britain's GCHQ eavesdropping intelligence agency, told Reuters
it had no comment.
The ransomware outbreak that erupted at ION on Tuesday
has disrupted trading and clearing of exchange-traded financial
derivatives, causing problems for scores of brokers, sources
familiar with the matter told Reuters this week.
Among the many ION clients whose operations were likely
to have been affected were ABN Amro Clearing and
Intesa Sanpaolo, Italy's biggest bank, according to
messages to clients from both banks that were seen by Reuters.
ABN told clients on Wednesday that due to "technical
disruption" from ION, some applications were unavailable and
were expected to remain so for a "number of days."
It's not clear whether paying the ransom would necessarily
speed the clean-up effort. Ransomware works by encrypting vital
company data and extorting the victims for payoffs in exchange
for the decryption keys. But even if hackers do hand over the
keys, it can still take days, weeks or longer to undo the damage
to a company's digital infrastructure.
There were already signs that ION and Lockbit might have
reached an agreement. ION was removed from Lockbit's extortion
website, where victim companies are named and shamed in a bid to
force a payout. Experts say that is often a sign that a ransom
has been delivered.
"When a victim is delisted, it most commonly means either
that the victim has agreed to enter negotiations or that it has
paid," said ransomware expert Brett Callow of New Zealand-based
cybersecurity company Emsisoft.
Callow said there was an outside chance that there was some
other explanation for Lockbit publicly backing off.
"It may mean that ransomware gang got cold feet or decided
not to proceed with the extortion for other reasons," he said.
Ransomware has emerged as one of the internet's most
expensive and disruptive scourges. As of late Friday, Lockbit's
extortion website alone counted 54 victims who were being shaken
down, including a television station in California, a school in
Brooklyn and a city in Michigan.
(Reporting by Raphael Satter and Christopher Bing. Additional
reporting by James Pearson in London.
Editing by Marguerita Choy and David Gregorio)