ION's Woes Far From Over Even If It Paid Ransom, Experts Say

  • In Business
  • 2023-02-05 00:21:59Z
  • By Bloomberg

(Bloomberg) -- The hackers behind the recent ransomware attack on ION Trading UK, which upended derivatives trading around the world, claim the ransom has been paid.


While ION Trading has declined to comment on the hackers' claim, cybersecurity experts say paying a ransom isn't a magic bullet that automatically restores computer systems. Rather, recovery can drag on for months, they said.

"You might get the decryption key quickly, but depending on how many systems were affected it can take weeks to months to get everything working properly again," said Lou Steinberg, founder of CTM Insights, a cybersecurity research firm.

If a ransom is paid, the hacking group is supposed to provide a key to unlock the files. Computer servers that have been encrypted by ransomware often need to have their files decrypted one by one, which can take days or weeks, according to cybersecurity experts. And once a machine has had its data decrypted, that machine is no longer trusted and needs to be wiped and completely rebuilt. The process with PCs is typically faster.

"It is not just a matter of restoring the files," said Allan Liska, a ransomware expert for the cybersecurity firm Recorded Future Inc. "You also have to go through every machine to ensure the attacker didn't leave tools behind that could help them reconnect to the network and carry out another attack."

Once a company has paid a ransom, other ransomware groups may try to exploit weaknesses in its IT systems to extort it again, Liska added. As a result, ransomware victims may want to overhaul their technical architecture to ensure it is watertight.
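The recovery steps described above (decrypt, sweep every host for leftover attacker tooling, then wipe and rebuild anything that cannot be trusted) are easier to reason about with a concrete check in hand. The following is an added example, not code from the article, from ION or from any of the firms quoted: it compares a snapshot of each restored host's autostart locations (services, scheduled tasks, Run keys, cron entries) against a baseline captured from a clean build and flags entries that are new, that run from user-writable directories, or that use an encoded or script-host launcher. The `host|kind|name|command` line format, the directory list and the launcher regex are assumptions chosen for the example; the baseline and snapshot lines are constructed sample data.

```python
"""Post-decryption persistence sweep (added example; constructed data, assumed format).

Every host that comes back from decryption is compared against a known-good
baseline of autostart entries. Any host with a finding is treated as untrusted
and queued for a full rebuild rather than being put back into service.
"""
import re
from dataclasses import dataclass

# Assumption: autostart entries should not execute from these user-writable or
# staging directories (lower-cased substrings, Windows and Unix).
SUSPICIOUS_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "/tmp/", "/dev/shm/", "/var/tmp/")

# Assumption: launchers that are rarely legitimate in an autostart location:
# PowerShell with an encoded command, mshta, regsvr32 scriptlets, rundll32 javascript.
ENCODED_LAUNCHER = re.compile(
    r"powershell(?:\.exe)?\b.*\s-e(?:c|nc|ncodedcommand)?\b"
    r"|\bmshta\b|\bregsvr32\b.*/i:|\brundll32\b.*javascript:",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Entry:
    host: str
    kind: str      # service | task | runkey | cron
    name: str
    command: str


def parse_snapshot(text: str) -> list[Entry]:
    """Parse 'host|kind|name|command' lines (assumed export format); '#' starts a comment."""
    entries = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, kind, name, command = (field.strip() for field in line.split("|", 3))
        entries.append(Entry(host, kind, name, command))
    return entries


def _key(entry: Entry) -> tuple[str, str, str]:
    # Baseline identity ignores the host: the same entry is expected on every clean build.
    return (entry.kind, entry.name.lower(), entry.command.lower())


def sweep(baseline: list[Entry], snapshot: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Return (entry, reasons) for every snapshot entry that deviates from the clean baseline."""
    known = {_key(e) for e in baseline}
    findings = []
    for entry in snapshot:
        reasons = []
        if _key(entry) not in known:
            reasons.append("not present in clean-build baseline")
        command = entry.command.lower()
        if any(d in command for d in SUSPICIOUS_DIRS):
            reasons.append("executes from a user-writable directory")
        if ENCODED_LAUNCHER.search(command):
            reasons.append("encoded or script-host launcher")
        if reasons:
            findings.append((entry, reasons))
    return findings


def hosts_needing_rebuild(findings: list[tuple[Entry, list[str]]]) -> list[str]:
    """A host with any finding is no longer trusted and goes to the rebuild queue."""
    return sorted({entry.host for entry, _ in findings})


# Constructed baseline from a clean build (not real data).
BASELINE = r"""
# kind|name|command, captured on the gold image
gold|service|wuauserv|C:\Windows\System32\svchost.exe -k netsvcs
gold|runkey|SecurityHealth|C:\Windows\System32\SecurityHealthSystray.exe
gold|cron|logrotate|/usr/sbin/logrotate /etc/logrotate.conf
"""

# Constructed post-decryption snapshot of three restored hosts (not real data).
SNAPSHOT = r"""
srv-01|service|wuauserv|C:\Windows\System32\svchost.exe -k netsvcs
srv-01|runkey|SecurityHealth|C:\Windows\System32\SecurityHealthSystray.exe
srv-01|task|SystemSync|powershell.exe -nop -w hidden -enc SQBFAFgAIAAo
srv-02|runkey|Updater|C:\Users\Public\svchost.exe
srv-02|service|wuauserv|C:\Windows\System32\svchost.exe -k netsvcs
db-03|cron|logrotate|/usr/sbin/logrotate /etc/logrotate.conf
db-03|cron|backup|/tmp/.x/agent --reconnect
"""

if __name__ == "__main__":
    results = sweep(parse_snapshot(BASELINE), parse_snapshot(SNAPSHOT))
    for entry, reasons in results:
        print(f"{entry.host}: {entry.kind} '{entry.name}' -> {'; '.join(reasons)}")
    print("rebuild queue:", hosts_needing_rebuild(results))
```

The baseline diff is the important part: a freshly decrypted server that matches the gold image exactly can be re-imaged on a normal schedule, while anything that carries an unexplained autostart entry is rebuilt before it touches the network again, which is the "wipe and completely rebuild" step the experts describe.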

ION Trading's representative didn't respond to a message Saturday seeking comment. It's not clear how many of ION's devices or servers were compromised in the attack.

Ransomware is a type of malware that locks up a victim's files, and the hackers demand payment to provide a decryption key. The group behind the ION hack, LockBit, also steals files from victims and threatens to release them unless a payment is made by a certain deadline.

The Federal Bureau of Investigation discourages victims from paying ransom to hackers. The UK's National Cyber Security Centre has warned against paying ransoms too. "There is no guarantee that you will get access to your data" after paying, the agency said.

Paying a ransom "does not insulate that company from future attack," said Lizzie Cookson, director of incident response at Coveware, a ransomware response company, speaking generally about the attacks. She added that paying a ransom doesn't guarantee a victim that their data won't be published.

The attack against ION began early Tuesday and affected 42 of its clients. It ultimately forced some European and US banks and brokers to process some trades manually, effectively setting them back decades. The FBI has reached out to ION executives about the attack.

LockBit had set a deadline of Saturday for ION to pay the ransom, and it posted the company's name on its dark web "leak site" alongside a timer showing when the deadline expired. The ION post was taken down Friday, and a representative for the gang said the ransom was paid, without disclosing the amount or who paid the bill.

Bloomberg couldn't independently verify that the extortion payment was made.

A ransomware attack on Ireland's public-health system in May 2021 showed the complexity of restoring systems even with a decryption key. A notorious gang called Conti was behind the hack, which ended up compromising systems that 54 hospitals and about 4,000 other locations needed to operate vital equipment.

The attack caused some uneasiness in Conti's ranks, and the gang ended up providing the decryption key for free. About 3,600 servers and 40,000 desktop computers had been compromised, and it took between five minutes and an hour to decrypt a single device. A month after the attack, the public health agency had recovered about half the servers.

--With assistance from Jordan Robertson, Ryan Gallagher and David Voreacos.


©2023 Bloomberg L.P.
