Market Extra: Options trading desks ‘flying blind’ after derivatives platform hit by ransomware attack
A popular derivatives trading platform used by options dealers and investment banks was hit with a cyber attack on Tuesday, disrupting trading of derivatives tied to stocks, bonds and currencies.
The Dublin based ION Markets, the target of the attack, was forced to shut down some of its services temporarily, a decision that impacted some customers’ ability to book and process trades, according to media reports. While the company has confirmed the hack, it has offered few details about the incident.
The hack took place Tuesday, and was first reported late Tuesday night New York time by Twitter account PriapusIQ. In a message to MarketWatch, the owner of the account identified himself as Ryan Paisey, the CEO of PiQ Global, a news aggregation service.
In the tweet, Paisey said that “[b]asically, trading desks will be flying blind as no trades for today are going in on the overnight process.”
His tweet cited a communication from one of ION’s customers warning clients that “overnight processing” of trades would be impacted and that communications from ION should be “quarantined.”
On Wednesday, the TradeNews reported that that attack was likely carried out by Lockbit, a Russian-speaking ransomware gang, citing a communication from an affiliate of ION. Trade also cited a client communication from Euronext saying that ION had been impacted by the “extraordinary” situation, although they specified that their operations hadn’t been impacted. Euronext didn’t respond to a request for comment from MarketWatch.
LockBit has gained substantial notoriety in recent months following “a multi-year rampage that has impacted hundreds of organizations around the world,” according to a Wired report published in late January.
ION responded to reports of the hack in a statement on its website entitled “Cleared Derivatives Cyber Event” where it confirmed that it had experienced what it described as a “cybersecurity event,” and that this “event” had impacted its business. The company added that it had managed to contain the damage.
“ION Cleared Derivatives, a division of ION Markets, experienced a cybersecurity event commencing on 31 January 2023 that has affected some of its services. The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing. Further updates will be posted when available.”
A comment request sent to ION’s media line wasn’t returned.
The scope of the attack, and the fallout in terms of financial impact and market disruption, remains to be seen.
Rival trade-processing systems have also been affected due to complications matching off trades routed via ION, and as a workaround some trades are being processed manually, Bloomberg reported. The Futures Industry Association held several calls to discuss the incident with market participants on Tuesday and Wednesday while Steve Adamske, spokesman for the US Commodity Futures Trading Commission, said the derivatives regulator is aware of ION’s incident and is “working closely with impacted parties, regulators and other market participants to ensure orderly resolution.”
One week ago, a glitch on the New York Stock Exchange caused a handful of stocks to be halted for volatility shortly after the open. The exchange later blamed the incident on a malfunction of its disaster-recovery system, eventually linking it back to a mistake made by an employee with the exchange’s Chicago data center, according to Bloomberg.