The U.S. arm of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack on Thursday, causing disruptions in the U.S. Treasury. This attack is part of a series of ransom-demanding incidents carried out by hackers this year. ICBC Financial Services, the U.S. unit of China’s largest commercial lender, is currently investigating the attack and working towards recovery.
Ransomware attacks involve hackers locking up an organization’s systems and demanding a ransom for their release. These attacks often involve the theft of sensitive data for extortion purposes. While the cybercrime gang Lockbit is believed to be responsible for the attack on ICBC, their dark web site, where they typically list their victims, did not mention ICBC as a target. Lockbit did not respond to requests for comment.
Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, noted that it is uncommon for such a large bank to be targeted by such a disruptive ransomware attack. Liska believes that Lockbit was behind the attack and suggests that ransomware gangs may not publicly name their victims during ransom negotiations.
The United States has been struggling to combat cybercrime, particularly ransomware attacks, which target hundreds of companies across various industries each year. U.S. officials recently announced efforts to improve information-sharing on ransomware criminals across a 40-country alliance to curb the funding routes of these gangs.
ICBC did not comment on whether Lockbit was responsible for the attack, as it is common for victim organizations to refrain from publicly disclosing the names of cybercrime gangs. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Lockbit has targeted 1,700 U.S. organizations since its discovery in 2020. Last month, Lockbit threatened Boeing with a data leak after breaching the company’s systems.
The impact of the ICBC hack appears to be limited, but it highlights the vulnerability of systems at large organizations to cybercriminals. This incident may lead to increased scrutiny of market participants’ cybersecurity controls and draw regulatory attention.
ICBC confirmed that it successfully cleared Treasury trades executed on Wednesday and repo financing trades conducted on Thursday. Market sources suggest that trades going through ICBC were not settled due to the attack, potentially affecting market liquidity. However, it is unclear whether this contributed to the weak outcome of a 30-year bond auction on Thursday.
The U.S. Securities Industry and Financial Markets Association (SIFMA) informed its members that ICBC had been hit by ransomware, disrupting the U.S. Treasury market’s ability to settle trades on behalf of other market players. The Treasury market, however, appeared to be functioning normally on Thursday.
The Thomson RushHourDaily Trust Principles.
