www.insurancejournal.com
Open in
urlscan Pro
169.61.31.50
Public Scan
Submitted URL: http://www.insurancejournal.com/news/international/2023/02/03/705897.htm
Effective URL: https://www.insurancejournal.com/news/international/2023/02/03/705897.htm
Submission: On February 07 via manual from US — Scanned from DE
Effective URL: https://www.insurancejournal.com/news/international/2023/02/03/705897.htm
Submission: On February 07 via manual from US — Scanned from DE
Form analysis 7 forms found in the DOM
GET /search/
<form action="/search/" method="get" class="clearfix">
<input type="hidden" value="news" name="section">
<label for="search-query-news" class="sr-only">Search News</label>
<input type="text" class="large" name="q" id="search-query-news" value="">
<input type="submit" value="Search">
</form>GET /search/
<form action="/search/" method="get" class="clearfix">
<input type="hidden" value="markets" name="section">
<label for="search-query-markets">Search Markets</label>
<input type="text" class="large" name="q" id="search-query-markets" value="">
<input type="submit" value="Search">
</form><form class="feedback-form">
<p>Thank you! Please tell us what we can do to improve this article.</p>
<textarea placeholder="Enter your feedback..."></textarea>
<button type="submit" class="submit" disabled="">Submit</button>
<button class="cancel">No Thanks</button>
</form><form class="feedback-form">
<p>Thank you! <span class="percent"></span>% of people found this article valuable. Please tell us what you liked about it.</p>
<textarea placeholder="Enter your feedback..."></textarea>
<button type="submit" class="submit" disabled="">Submit</button>
<button class="cancel">No Thanks</button>
</form>POST https://www.insurancejournal.com/subscribe/topics
<form action="https://www.insurancejournal.com/subscribe/topics" method="post">
<input type="hidden" name="subscriber_source" value="ij/single-footer">
<input type="hidden" name="topics[]" value="agencies">
<input type="hidden" name="brand" value="insurancejournal">
<input type="hidden" name="post_id" value="705897">
<input type="text" name="twitter" class="twitter-input">
<input type="email" name="email" placeholder="Enter your email..." required="required">
<button type="submit">Submit</button>
</form>POST https://www.insurancejournal.com/wp/wp-comments-post.php
<form action="https://www.insurancejournal.com/wp/wp-comments-post.php" method="post" id="commentform" style="display: none;">
<p class="comment-notes">Your email address will not be published. Required fields are marked <span class="required">*</span></p>
<p class="comment-form-author"><label for="author">Name</label> <span class="required">*</span><input id="author" name="author" type="text" value="" size="30" aria-required="true"></p>
<p class="comment-form-email"><label for="email">Email</label> <span class="required">*</span><input id="email" name="email" type="text" value="" size="30" aria-required="true"></p>
<p class="comment-form-comment"><label for="comment">Comment</label><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true"></textarea></p>
<p class="form-submit">
<input name="submit" type="submit" id="submit" value="Post Comment">
<input type="hidden" name="comment_post_ID" value="705897" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="a3d9f90681"></p>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="1675728094049">
<script>
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
<p><input type="checkbox" name="notify_me" id="notify_me" value="yes"><label for="notify_me">Notify me of comments via e-mail</label></p> <input type="hidden" name="redirect_to" value="/news/international/2023/02/03/705897.htm">
</form>GET /search/
<form action="/search/" method="get">
<input type="text" name="q" value=""> <input type="submit" value="Go">
</form>Text Content
Skip to content * MyNewMarkets.com * Claims Journal * Insurance Journal TV * Academy of Insurance * Carrier Management FEATURED STORIES * Tesla Competing With ‘GEICOs of the World’ * Conn. High Court Upholds Insurers’ COVID BI Appeals * News * Markets Search News Search Markets CURRENT MAGAZINE * Read Online * Subscribe * Front Page * National * International * Most Popular * Magazine * Forums * Blogs * Videos/Podcasts * Newsletters * News * Most Popular * National * International * East * Midwest * South Central * Southeast * West * Magazines * East * Midwest * South Central * Southeast * West * Subscribe * Research * Directories * Jobs * Features * Events * Forums * Insurance Twitter * Market Directories * Quotes * Polls * Rankings & Awards * Insurance Giving Back * Subscribe HACKERS OF ION TRADING ALSO HIT UK POSTAL SERVICE, CANADA HOSPITAL, U.S. LOCAL AGENCIES By Jeff Stone and Ryan Gallagher | February 3, 2023 Email This Subscribe to Newsletter Email to a friend Facebook Tweet LinkedIn Print Article * Article * 0 Comments The hacking group behind a cyberattack against the software firm ION Trading UK has recently conducted a series of breaches throughout the world, with its victims including the UK’s postal service and local government agencies in the US. The gang, known as LockBit, is a prolific ransomware operator, according to cybersecurity experts, specializing in using malicious software to encrypt files on a victims’ computer, then demanding payment to unlock the files. Earlier this week, it struck an ION system that paralyzed derivatives trading across markets for everything from commodities to bonds, forcing a number of European and US banks and brokers to process some trades manually. The group on Thursday threatened to publish “all available data” that it claimed to have stolen from ION on their website on the dark web unless the derivatives trading platform paid an unspecified ransom by February 4. U.S. CFTC Traders Report Delayed by Ransomware Attack on Data Firm ION UK regulators have started an investigation into the ION breach, which affected 42 of the company’s clients and forced a number of European and US banks and brokers to process some trades manually. The FBI is also seeking information on the attack and has reached out to ION executives, according to people familiar with the matter. LockBit’s malware was used in a ransomware attack against the UK’s Royal Mail in January, shuttering the service’s ability to send international letters and parcels and rendering some computers there inoperable. In December, an associate of the group hacked a Canadian children’s hospital, only for LockBit to apologize and send the victim a decryption key. The city of Mount Vernon, Ohio said its police department and other government agencies were affected by a LockBit ransomware attack. “There’s no doubt that we’re seeing an increase in activity and LockBit, which has claimed responsibility for the ION attack, is one of the most prolific threat actors,” said David Naylor, who heads the UK data privacy, cybersecurity and digital assets practice at law firm Squire Patton Boggs. He added, “Clearly, they tend to focus on organizations that they think are either vulnerable or operating high-value systems, where if they successfully attack them, there’s a meaningful prospect of securing a significant ransom – if the target is willing to pay.” LockBit has been active since at least January 2020 and has hacked as many as 1,000 victims globally, extorting at least $100 million in ransom demands, according to the US Justice Department. Last year, a Canadian-Russian man was arrested in Ontario for allegedly participating in a LockBit ransomware campaign. The group’s members are also active on Russian-language cybercriminal forums, according to cybersecurity experts. Like other hacking crews, LockBit functions under the ransomware-as-a-service model, in which members lease access to the malware to “affiliates” in exchange for a cut of any ransom payment that comes as a result of the breach. “They run it like a business, and that’s the best way to explain it,” said Jon DiMaggio, chief security strategist at the cyber firm Analyst1. “The founder of LockBit runs it as if he were Steve Jobs, which is successful for them but very bad news for the rest of us.” Researchers have also studied LockBit’s hacking tools, determining that the group regularly updates its malicious software in order to avoid detection from cybersecurity products. One strain of malware, dubbed LockBit Black, shows that the gang has experimented with a kind of self-spreading malware that would make it easier for hackers to infiltrate victim organizations without the technical expertise typically required to do so, Sophos Group Ltd. researchers wrote in a blog post. On Monday, they released a new strain of ransomware based on code taken from another Russian-speaking gang, Conti, which collapsed amid internal infighting last year, DiMaggio said. A spokesperson for LockBit declined to comment when reached by Bloomberg News. –With assistance from Isis Almeida and Katherine Doherty. Photograph: A person types at a backlit keyboard arranged in Danbury, U.K., on Thursday, Jan. 7, 2021. Photo credit: Chris Ratcliffe/Bloomberg Related: * ION Trading UK Indicates Cyber Attack Could Take 2-3 Days to Resolve Copyright 2023 Bloomberg. Topics USA Cyber Agencies Canada Was this article valuable? Yes No Thank you! Please tell us what we can do to improve this article. Submit No Thanks Thank you! % of people found this article valuable. Please tell us what you liked about it. Submit No Thanks Here are more articles you may enjoy. Rising Costs of Secondary Perils Force Reinsurers to Require Higher Attachment Points Workers Comp Insurtech Pie Transitions to Full-Stack Carrier Ranks of Quiet Quitters Climb as Layoffs Mount Allstate’s Castle Key Plans to Drop 33,000 Condo Policies in Florida WRITTEN BY RYAN GALLAGHER More From Author INTERESTED IN AGENCIES? Get automatic alerts for this topic. Submit Email This Subscribe to Newsletter Email to a friend Facebook Tweet LinkedIn Print Article * Categories: International & Reinsurance NewsTopics: cyber attacks, ransomware attacks, ransomware-as-a-service, Russian hackers, state sponsored cyber attacks * Have a hot lead? Email us at newsdesk@insurancejournal.com ADD A COMMENTSEE ALL COMMENTS (0)ADD A COMMENT CANCEL REPLY Your email address will not be published. Required fields are marked * Name * Email * Comment Δ Notify me of comments via e-mail More News Root Sues Former CMO Over At Least $9.4M in Unauthorized Payments Highstreet Partners Adds 2 Pennsylvania Agencies Allstate’s Plan to Return to Profit in Auto Massachusetts’ MKS Instruments Investigates Ransomware Attack More News Features READ THIS NEXT * Hackers of ION Trading Also Hit UK Postal Service, Canada Hospital, U.S. Local Agencies * Insurers Leery of Hyundais and Kias Famous on Social Media for Being Easy to Steal * Coalition Launches Full-Stack Cyber Insurer for SMBs * McClenny Moseley Sanctioned by 3rd La. Judge for Duplicate Filings * AIG Fires Interim CFO Lyons See Today's Top Insurance News INSURANCE JOBS * Client Manager - Atlanta, GA * Underwriter or Underwriter Assistant – Personal Lines – REMOTE - Mesa, AZ * Insurance Agency Bookkeeper – REMOTE - Little Rock, AR * Account Executive - * Facultative Property Broker - New York, NY * Navigating the Brewery Market * January Renewals See Hardest Property Catastrophe Reinsurance Rates in Generation * Insurance Pricing: True D&O Buyer’s Market; Stabilized Commercial Auto * What to Watch In Healthcare D&O, EPLI Post-COVID * Pickleball Explosion in Florida Creating New Hits and Misses for Insurers, Agents * Snowboarders Sue Coach, USOPC in Assault, Harassment Case * Maid's Son Tells Judge Alex Murdaugh Took $4 Million for Her Death * Frustrated South Austin Residents Powerless, Want Answers * Chile Wildfires Spread amid Heat Wave as Death Toll Rises * Jury: Musk Didn't Defraud Investors with 2018 Tesla Tweets * February 9 Technology-Enabled Insurance Commerce: Looking Back, Reaching Forward * February 16 Is THAT Covered on Your Farm Liability Form? * February 21 E&O Issues You Didn't See Coming: A Two-Part Series * March 2 Nuclear Verdicts, Social Inflation, and Why They Matter to the Insurance World INSURANCE NEWS * News by Region * News by Topic * Yesterday SITE SEARCH FEATURES * Insurance Markets Directory * Forums * A.M. Best Company Ratings * Industry Events * Agencies For Sale * Newswire * Insurance Jobs * Rankings & Awards CONNECT WITH US * Email Newsletters * Magazine Subscriptions * For Your Website * RSS Feeds * Twitter * Facebook * LinkedIn * Do Not Sell My Info INSURANCE JOURNAL * Submit News * Advertise * Subscribe * Reprints * Link to Us * Contact Us WELLS MEDIA GROUP NETWORK * Insurance Journal * MyNewMarkets.com * Claims Journal * Insurance Journal TV * Academy of Insurance * Carrier Management © 2023 by Wells Media Group, Inc. Privacy Policy | Terms & Conditions | Site Map