Lockbit Claims Ransomware Ransom From ION Has Been Paid
Lockbit has reached an agreement on ION data. (photo; doc. Pixabay)

JAKARTA- The hackers who claimed responsibility for a disruptive breach at financial data firm ION, Lockbit, say a ransom has been paid. But they declined to say how much or offer evidence that the money had been handed over.

ION Group declined to comment on the statement. Lockbit communicated the claims to Reuters via its online chat account on Friday 3 February but declined to clarify who had paid the money. They said only that the money came from an "unknown and very wealthy benefactor."

While the FBI did not immediately return a request for comment. The UK's National Cyber ​​Security Agency, part of the UK's GCHQ wiretapping intelligence agency, told Reuters it would not comment.

The ransomware outbreak that erupted at ION on Tuesday, January 31 has disrupted the trading and clearing of exchange-traded financial derivatives, causing problems for a number of brokers, sources familiar with the matter told Reuters this week.

Among ION's many clients whose operations are likely to be affected are ABN Amro Clearing and Intesa Sanpaolo, Italy's largest bank. This is known according to messages to clients from both banks seen by Reuters.

ABN told clients last Wednesday that experiencing "technical glitches" from ION, some apps were unavailable and expected to remain so for "a few days".

It is not clear whether paying the ransom will speed up the cleanup efforts. Ransomware works by encrypting company-critical data and extorting victims for compensation in exchange for decryption keys. But even if the hacker hands over the keys, it could still take days, weeks, or longer to repair the damage to a company's digital infrastructure.

There are already signs that Lockbit has struck a deal over ION's data. The company name was removed early Friday from the blackmail site Lockbit, where the company's victims were named and shamed in an attempt to force payments. Experts say it is often a sign that ransom money has been sent.

"When a victim is removed from the list, it most often means that the victim has agreed to enter negotiations or has paid," said ransomware expert Brett Callow of New Zealand-based cybersecurity firm Emsisoft.

Callow says it's possible beyond that that there is some other explanation for Lockbit going backwards openly.

"That may mean the ransomware gang has cooled off or decided not to proceed with the extortion for some other reason," he said.

Ransomware has emerged as one of the most expensive and annoying scourges of the internet. As of Friday evening, racketeering website Lockbit alone counted 54 victims shaken, including a television station in California, a school in Brooklyn and a city in Michigan.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)