On Thursday, the US branch of China’s largest bank fell victim to a ransomware attack, compelling clients to redirect trades and causing disruption in the US Treasury market.
Ransomware attacks typically breach vulnerable computer systems, encrypt or steal data, and demand payment in exchange for decrypting or not publicly releasing the data.
The Industrial and Commercial Bank of China Financial Services (ICBC FS) acknowledged the attack, stating it led to disruptions in certain financial service systems.
Upon discovering the incident, the New York-based bank promptly disconnected and isolated affected systems, initiating an investigation and recovery efforts. ICBC FS successfully cleared US Treasury trades executed on Wednesday and repurchase (repo) financing trades on Thursday.
Reportedly, some trades on Thursday were manually relayed across Manhattan on a USB stick as messengers handled necessary settlement details.
China’s foreign ministry said the business and office systems of ICBC’s head office and its domestic and foreign branches were operating normally. Foreign ministry spokesman Wang Wenbin commended ICBC for its emergency handling, supervision, and communication efforts to minimize risks and losses.
The hack reportedly used software from the Russian-speaking Lockbit hacking group, which is known for scrambling files and demanding cryptocurrency payments. Lockbit targeted Boeing last week, and it was the most deployed ransomware variant globally in 2022, according to the US Cybersecurity and Infrastructure Security Agency.
The group has demanded ransoms ranging from €5 million to €70 million and has previously attacked critical infrastructure and large industrial groups, including the Royal Mail in the UK and a Canadian children’s hospital.