top of page
Staff

ICBC's U.S. Division Hit by Ransomware Attack, Disrupting Treasury Trading Operations

The U.S. division of ICBC, a major Chinese bank, recently faced a ransomware cyberattack, impacting its Treasury trading operations. ICBC Financial Services, the bank's financial arm, experienced system disruptions due to the attack. The bank responded swiftly, isolating affected systems to mitigate the incident's impact.


Ransomware attacks, where hackers seize control of systems and demand payment for release, have become increasingly common. The identity of the attackers remains undisclosed, but ICBC is conducting a thorough investigation with the aid of information security experts and coordinating with law enforcement.


Despite the attack, ICBC managed to clear U.S. Treasury and repo financing trades. However, reports from various sources, including the Financial Times, indicated disruptions in Treasury trade settlements. The U.S. Treasury Department is monitoring the situation closely, maintaining regular communication with key financial sector entities.


ICBC emphasized that its U.S. arm's email and business systems are separate from its China operations, and the cyberattack did not affect its main office or other domestic and international affiliates.


China's Ministry of Foreign Affairs, through spokesperson Wang Wenbin, reported that ICBC is actively working to minimize the attack's impact and losses, effectively managing the emergency response.


Details about the ransomware remain unclear, with no group claiming responsibility yet.


However, cybersecurity expert Marcus Murray noted that the ransomware used is likely LockBit 3.0, a challenging strain for researchers due to its unique password requirement for each malware instance. LockBit, responsible for about 28% of ransomware attacks from July 2022 to June 2023, operates a "ransomware-as-a-service" model, selling its software to other hackers for attacks.


The U.S. Department of Justice recently charged a Russian national for involvement in deploying LockBit ransomware, highlighting the global reach and significant impact of these cyberattacks.

bottom of page