China's biggest bank ICBC falls victim to ransomware attack
What's the story
The US division of China's Industrial and Commercial Bank of China (ICBC), called ICBC Financial Services, fell victim to a ransomware attack causing disruptions in US Treasury trades, reported Reuters. This incident is just one of many ransomware attacks that have plagued various organizations throughout the year. As China's largest commercial lender by assets, ICBC is currently investigating the attack and working on recovery efforts.
Details
Lockbit is suspected to be the culprit
Cybersecurity experts and analysts believe that the Lockbit cybercrime gang may be behind the attack on ICBC. Interestingly, the gang's dark web site, which usually lists its victims, did not mention ICBC as of Friday morning. Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, explained to Reuters that ransomware gangs might not publicly disclose their victims while negotiating ransom payments.
What Next?
Impact on US Treasury trades
Despite the attack, ICBC managed to clear Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades completed on Thursday. Scott Skrym, Executive Vice President for fixed income and repo at broker-dealer Curvature Securities, stated that the incident had minimal impact on the market. However, some market participants observed that trades processed through ICBC were not settled due to the attack, affecting market liquidity.
Insights
Lockbit's previous attacks
Since its emergence in 2020, Lockbit has targeted 1,700 US organizations, as reported by the US Cybersecurity and Infrastructure Security Agency (CISA). The group has previously attacked companies such as Boeing, ION Trading UK, and the UK's Royal Mail. In a recent incident, Lockbit threatened Boeing with the release of sensitive data it claimed to have acquired during a breach.
Facts
Response from authorities and regulators
The US Treasury Department is aware of the cybersecurity issue and maintains regular communication with key financial sector participants and federal regulators. LSEG data indicated that the Treasury market appeared to be operating normally on Thursday. The attack on ICBC underscores the vulnerability of large organizations' systems to cybercriminals and may prompt questions about market participants' cybersecurity measures, potentially leading to regulatory scrutiny.