ION's Woes Far From Over Even If It Paid Ransom, Experts Say

  • In Business
  • 2023-02-05 00:21:59Z
  • By Bloomberg

(Bloomberg) -- The hackers behind the recent ransomware attack on ION Trading UK, which upended derivatives trading around the world, claim the extortion payment was paid.

While ION Trading has declined to comment on the hackers' claim, cybersecurity experts say paying a ransom isn't a magic bullet that automatically restores computer systems. Rather, the recovery can drag on for months, they said.

"You might get the decryption key quickly, but depending on how many systems were affected it can take weeks to months to get everything working properly again," said Lou Steinberg, founder of CTM Insights, a cybersecurity research firm.

If a ransom is paid, the hacking group is supposed to provide a key to unlock the files. Computer servers that have been encrypted by ransomware often need to have their files decrypted one by one, which can take days or weeks, according to cybersecurity experts. And once a machine has had its data decrypted, that machine is no longer trusted and needs to be wiped and completely rebuilt. The process with PCs is typically faster.

"It is not just a matter of restoring the files," said Allan Liska, a ransomware expert for the cybersecurity firm Recorded Future Inc. "You also have to go through every machine to ensure the attacker didn't leave tools behind that could help them reconnect to the network and carry out another attack."

Once a company has paid a ransom, other ransomware groups may try to exploit weaknesses in its IT systems to extort them again, Liska added. As a result, ransomware victims may want to overhaul their technical architecture to ensure they are watertight.

ION Trading's representative didn't respond to a message Saturday seeking comment. It's not clear how many of ION's devices or servers were compromised in the attack.

Ransomware is a type of malware that locks up a victim's files, and the hackers demand payment to provide an encryption key. The group behind the ION hack, LockBit, also steals files from victims and threatens to release them unless a payment is made by a certain deadline.

The Federal Bureau of Investigation discourages victims from paying ransom to hackers. The UK's National Cyber Security Centre has warned against paying ransoms too. "There is no guarantee that you will get access to your data" after paying, the agency said.

Paying a ransom "does not insulate that company from future attack," said Lizzie Cookson, director of incident response at Coveware, a ransomware response company, speaking generally about the attacks. She added that paying a ransom doesn't guarantee a victim that their data won't be published.

The attack against ION began early Tuesday and affected 42 of its clients. It ultimately forced some European and US banks and brokers to process some trades manually, effectively setting them back decades. The FBI has reached out to ION executives about the attack.

LockBit had set a deadline of Saturday for ION to pay the ransom, and it posted the company's name on its dark web "leak site" alongside a timer showing when the deadline expired. The ION post was taken down Friday, and a representative for the gang said the ransom was paid, without disclosing the amount or who paid the bill.

Bloomberg couldn't independently verify that the extortion payment was made.

A ransomware attack on Ireland's public-health system in March 2021 showed the complexity of restoring systems even with a decryption key. A notorious gang called Conti was behind the hack, which ended up compromising systems that 54 hospitals and about 4,000 other locations needed to operate vital equipment.

The attack caused some uneasiness in Conti's ranks, and the gang ended up providing the decryption key for free. About 3,600 servers and 40,000 desktop computers had been compromised, and it took between five minutes and an hour to decrypt a single device. A month after the attack, the public health agency had recovered about half the servers.

--With assistance from Jordan Robertson, Ryan Gallagher and David Voreacos.

©2023 Bloomberg L.P.

