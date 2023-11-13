Chinese banking giant Industrial and Commercial Bank of China’s (ICBC) U.S. arm recently fell victim to a ransomware attack, causing disruptions in the U.S. Treasury market. This attack is part of a growing trend of ransomware attacks targeting high-profile organizations. Although ICBC Financial Services, the U.S. unit of the bank, is actively investigating the incident and working towards recovery, it highlights the ongoing vulnerability of large organizations to cyber threats.

The Chinese foreign ministry has assured that ICBC is taking steps to minimize the impact and losses caused by the attack. The bank has implemented emergency response measures and maintained normal business operations at its head office and other branches worldwide. However, ransom-demanding hackers typically lock up a victim’s systems and demand payment for their release, often accompanied by the threat of leaking sensitive data.

While the identity of the hacking group behind the attack remains unconfirmed, cybersecurity experts believe it could be the work of the Lockbit gang. This aggressive cybercrime group has a history of targeting organizations and has reportedly affected 1,700 U.S. entities since its discovery in 2020. Although Lockbit has not specifically named ICBC as a victim on its dark web site, experts suggest that ransomware gangs may choose not to disclose their victims during negotiations.

Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, highlights the audacity of this attack on a bank as prominent as ICBC. He notes that ransomware groups are becoming increasingly bold, feeling that no target is off-limits. This incident adds to the growing concern over cybersecurity controls within the financial industry and may trigger regulatory scrutiny.

Despite the attack, ICBC stated that it successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades conducted on Thursday. However, some market participants reported that trades through ICBC were not settled due to the attack, potentially impacting market liquidity. The full extent of the attack’s influence on the weak outcome of a 30-year bond auction remains unclear.

While ICBC did not comment on the identity of the hackers responsible, authorities have been working to combat cybercrime, particularly ransomware attacks, on a broader scale. Collaboration between U.S. officials and a global alliance of 40 countries aims to curtail the funding routes of ransomware gangs and improve information-sharing on cybercriminals.

This incident serves as a reminder that even the largest financial institutions are not immune to cyber threats. It emphasizes the need for continuous vigilance and security measures to safeguard sensitive data and ensure the stability of financial markets.

FAQ

What is ransomware?

Ransomware is a type of malicious software that encrypts a victim’s files and demands a ransom payment in exchange for restoring access to them. Hackers often threaten to release sensitive data if the ransom is not paid.

Who is Lockbit?

Lockbit is a cybercrime gang known for carrying out ransomware attacks on organizations. They infiltrate systems, encrypt files, and demand a ransom for their release. They have targeted numerous entities globally since their emergence in 2020.

How did ICBC respond to the attack?

ICBC’s U.S. unit, ICBC Financial Services, promptly responded to the attack by initiating an investigation and taking steps towards recovery. The bank ensured business continuity at its head office and other branches worldwide, while closely monitoring the situation and communicating with relevant stakeholders.

What impact did the attack have on the market?

The overall impact on the market appeared to be limited. ICBC successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades conducted on Thursday. However, some trades through ICBC were not settled, potentially affecting market liquidity.

How are authorities addressing ransomware attacks?

Authorities, including those in the United States, are actively working on curbing cybercrime, particularly ransomware attacks, through various measures. These efforts involve improving information-sharing across countries and disrupting the funding channels of ransomware gangs.