The Industrial and Commercial Bank of China’s (ICBC) U.S. arm was hit by a ransomware attack that interrupted trades in the US Treasury market, the latest in a string of victims claimed by ransomware hackers this year.
ICBC Financial Services – China’s largest commercial lender by assets, said it was investigating the attack that disrupted some of its systems and was working to recover from it. According to China’s foreign ministry, the lender is attempting to minimize the risk impact and losses following the attack.
Wang Wenbin – Chinese ministry of foreign affairs, said in a press conference, “ICBC is closely monitoring the issue and has done its best in emergency response and supervisory communication.” He also added that operations at ICBC’s headquarters, other branches and subsidiaries around the world were unaffected.
A finance magazine, based in New York, stated that it is investigating and has notified law enforcement. The bank provided no additional information, but reports indicate that the attack was carried out by LockBit, a Russian-speaking ransomware syndicate.
The same group is suspected of being behind cyber-attacks on the UK’s Royal Mail, Japan’s largest maritime port, and, most recently, Boeing’s parts and distribution business. However, none of LockBit’s recent cyberattacks are said to have shook the financial world more than the hack of ICBC.
Source: TOI
In such ransomware attacks, hackers lock up a victim organization’s systems and demand a ransom to unlock them, frequently stealing sensitive data for extortion. Several ransomware experts and analysts said the hack was carried out by an aggressive cybercrime gang called Lockbit, though the gang’s dark web site, where it usually posts the names of its victims, did not list ICBC as a victim as of evening. Lockbit did not respond to a comment request sent via its website’s contact form.
According to Allan Liska, a ransomware expert at the cybersecurity firm stated that “we don’t often see such a large bank hit by such a disruptive ransomware attack,” He also believes that Lockbit was responsible for the hack, usually the ransomware gangs may not name and shame their victims when negotiating with them. This attack could be part of a trend of increasing bravado by ransomware groups. With no fear of repercussions, ransomware groups believe that no target is safe.
Authorities in the United States have struggled to combat a wave of cybercrime, primarily ransomware attacks, which affect hundreds of businesses in nearly every industry each year. In last week, US officials announced that they were working to reduce ransomware gang funding routes by improving information-sharing on such criminals across a 40-country alliance.
The ICBC declined to comment on whether Lockbit was responsible for the hack. Targets frequently refrain from publicly disclosing the names of cybercrime gangs. According to the US Cybersecurity and Infrastructure Security Agency (CISA), Lockbit has targeted 1,700 organizations in the United States since its discovery in 2020.
A CISA spokesperson directed all inquiries about the ICBC hack to the US Treasury Department. While market sources said the hack’s impact appeared to be limited, it demonstrated how vulnerable systems at large organizations like the bank remain. The incident on ICBC is likely to raise concerns about market participants’ cybersecurity controls and draw regulatory scrutiny.
Trades Completed
ICBC reported that it had completed the Treasury trades executed on last business day and repurchase agreement financing trades executed on Thursday.
Scott Skrym, executive vice president of repo and fixed income, quoted that this event had created a limited impact on the market. According to some market participants, trades going through ICBC were not settled as a result of the attack, affecting market liquidity. It was unclear whether this played a role in the poor performance of a 30-year bond auction. However, LSEG data confirmed that the Treasury market appeared to be operating normally on Friday.
