The cyberattack on a UK-based software firm that upended some derivatives trading doesn’t pose a “systemic risk to the financial sector,” a senior official in the US Treasury Department said Wednesday.
(Bloomberg) — The cyberattack on a UK-based software firm that upended some derivatives trading doesn’t pose a “systemic risk to the financial sector,” a senior official in the US Treasury Department said Wednesday.
The attack of ION Trading UK, first reported on Tuesday, affected 42 of its clients and forced several European and US banks and brokers to process trades manually. The company’s software is used to complete derivatives trades across stock, bond and commodities markets and the outage is affecting vital processes such as the calculation of margin calls and regulatory reporting on large market positions, according to impacted brokers.
A Russian ransomware gang LockBit was behind the attack, according to correspondence from ION obtained by Bloomberg, the contents of which were confirmed by a company representative.
Todd Conklin, deputy assistant secretary of the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection, said the issue is “currently isolated to a small number of smaller and mid-size firms and does not pose a systemic risk to the financial sector.”
“We remain connected with key financial sector partners, and will advise of any changes to this assessment,” he added.
Exchange operators CME Group Inc., Intercontinental Exchange Inc. and Cboe Global Markets Inc. said Wednesday that their members had experienced issues with a third-party software vendor. Those issues could affect the timing of publishing exchange reports by the end of the day, the firm said.
“Any impact on clearing members may affect the contents and timeliness of the publication of exchange reports, including open interest,” CME said in a note to members.
Ongoing Impact
StoneX Financial Ltd., which provides clearing and execution services, said in a note to clients Wednesday that the ION situation continues to have a market-wide impact.
The firm is taking “alternative measures to clear trading activity, with priority being given to expiring contracts,” the company said.
Access to books and records were also affected, and StoneX said it was unable to perform due diligence on payments and transfer requests, causing delays in processing. A representative for StoneX declined to comment.
“We cannot guarantee these requests will be processed until the outage is resolved,” the firm wrote in the note seen by Bloomberg.
The ICE Futures Europe exchange said it has extended the cut-off time for members to perform position maintenance by two hours until further notice.
Faster, More Automated
Software firms like ION have flourished as trading on global exchanges has become faster and more automated, but in the process they’ve become an increasingly crucial part of the plumbing in modern financial markets.
Rival trade-processing systems have also been affected due to complications matching off trades routed via ION, and as a workaround some trades are being processed manually, the brokers said. The Futures Industry Association held several calls to discuss the incident with market participants on Tuesday and Wednesday, they said.
In a message to clients seen by Bloomberg Tuesday, the US clearing unit of Dutch lender ABN Amro Bank NV said the disruption would delay its overnight processing and that it would continue to operate manually on Wednesday. A spokesperson for the bank said Wednesday the message was sent to clients as a precaution but the firm was able to keep business running as usual after it implemented a back-up system.
Steve Adamske, spokesman for the US Commodity Futures Trading Commission, said the derivatives regulator is aware of ION’s incident and is “working closely with impacted parties, regulators and other market participants to ensure orderly resolution.”
Lockbit, one of the most prolific ransomware gangs in the world, uses malicious software to encrypt files on its victims’ computers, rendering them inoperable. The gang then demands payment to unlock the files. The group has been active since at least January 2020, and has hacked as many as 1,000 victims in the US and around the world, extorting at least $100 million in ransom demands, according to the US Justice Department.
–With assistance from Aisha S Gani, Ryan Gallagher, Cagan Koc, Lydia Beyoud and Yvonne Yue Li.
(Writes through with new details throughout)
More stories like this are available on bloomberg.com
©2023 Bloomberg L.P.