The hackers who took credit for a disruptive hack at financial data company ION claim that a ransom has been paid, but they would not specify the amount or provide any proof that the money had been transferred.
The ION Group declined to respond to the assertion. On Friday, Lockbit informed Reuters of the claim via its online chat account, but it chose not to specify who had paid the money, only stating that it had come from a “very rich unknown philanthropist.”
When contacted for comment, the FBI did not respond right away. The British eavesdropping intelligence agency GCHQ’s National Cyber Security Agency told Reuters it had nothing further to add.
Numerous brokers have experienced issues as a result of the exchange-traded financial derivatives trading and clearing being disrupted by the ransomware outbreak that broke out at ION on Tuesday, according to sources familiar with the situation who spoke to Reuters this week.
ABN Amro Clearing and Intesa Sanpaolo, the largest bank in Italy, were two of the numerous ION clients whose operations were likely to have been impacted, according to messages to clients from both banks that were seen by Reuters.
It was unclear whether or not paying the ransom would expedite the cleanup process. Ransomware operates by encrypting crucial corporate data and demanding ransom payments from its victims in return for the decryption keys. The damage to a company’s digital infrastructure may take days, weeks, or even longer to repair even if hackers hand over the keys.
There were already hints that Lockbit and ION had come to some sort of understanding regarding the data. Lockbit’s extortion website, where victim companies are named and shamed in an effort to force a payout, had the company’s name removed earlier on Friday. According to experts, this frequently indicates that a ransom has been paid.
