The US arm of the Industrial and Commercial Bank of China (ICBC) was hit by a ransomware attack that minimally disrupted trades in the US Treasury market on Thursday (November 9).
The company said in a statement on Thursday that it was investigating the attack, which disrupted some of its systems, and was making progress toward recovering from it. Immediately after discovering the hack, ICBC “isolated impacted systems to contain the incident,” the statement said.
Here are 7 things you need to know.
ICBC, a Chinese state-owned commercial bank, is China’s — and the world’s — largest lender in terms of assets (over $6 trillion), and one of the most profitable companies in the world, according to Forbes. It is also the third-largest bank in the world (behind JPMorgan Chase and Bank of America) by market capitalization, at $194.57 billion, according to a Forbes article from August.
Ransomware is a type of malicious software (commonly referred to as malware) that either blocks access to sensitive data or threatens to publish it until the victim pays a ransom fee to the attacker. It is a type of cyberattack that has become increasingly popular among bad actors in recent years.
3. What do we know about this attack?
ICBC has not made public the specifics of the attack, nor the attacker behind it. All that is known for sure is that the company is in touch with law enforcement agencies in the United States, as well as in China. However, the Financial Times reported that a ransomware called LockBit 3.0 was behind the attack.
LockBit 3.0 was created by LockBit, a group which effectively sells its malware to bad actors on the dark web. LockBit 3.0 is the most popular strain of ransomware, accounting for around 28 per cent of all known attacks from July 2022 to June 2023, CNBC reported. “LockBit actors have executed over 1,400 attacks against victims in the United States and around the world, issuing over $100 million in ransom demands,” the US Department of Justice said in a press release in June. The group previously claimed responsibility for ransomware attacks on Boeing last month. It is said to have Russian origins, though this has never been confirmed.
5. Why is this attack such a big deal?
“We don’t often see a bank this large get hit with this disruptive ransomware attack,” Allan Liska, a ransomware expert at the cybersecurity firm Recorded Future, told Reuters. Successful cyberattacks on banks are rare since the financial industry is extremely well protected, with serious investment in cybersecurity and segmented operations to discourage theft. Thus, this particular attack is somewhat unprecedented, even though it is the latest in a string of ransomware attacks in the recent past. Given the salience of ICBC in the global financial system, such an attack could have had huge consequences.
6. What has the impact of this attack been?
US Treasury Secretary Janet Yellen, however, suggested Friday this attack only minimally disrupted the US Treasury market. “We’ve not seen an impact on the Treasury market,” Yellen told reporters. While some market participants did say that trades going through ICBC were not settled due to the attack and thus affected market liquidity, ICBC said it had successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades done on Thursday. The Treasury market appeared to be functioning normally on Thursday, Reuters reported.
7. How have authorities responded to a spate of ransomware attacks?
Authorities around the world have struggled to curb a rash of these attacks, which hit hundreds of companies in nearly every industry each year. Just last week US officials said they were working on curtailing the funding routes of ransomware gangs by improving information-sharing on such criminals across a 40-country alliance. The latest attack shows just how vulnerable systems are, and is likely to spur questions on market participants’ cyber security protocols.