ICBC’s U.S. Arm Hacked by Ransomware

The U.S. arm of the Industrial and Commercial Bank of China (ICBC) was attacked by hackers using ransomware. This attack slightly disrupted the U.S. Treasury market and added to the rising number of cybercrime instances this year.

ICBC Financial Services, the U.S. unit of China’s largest commercial lender, is actively trying to remedy the fallout of the cyberattack and are currently working towards system recovery. China’s foreign ministry assured that ICBC is doing everything in its power to minimise the impact and losses. ICBC assures that the global operations remain normal.

The attack is likely masterminded by the Lockbit cybercrime gang, which is infamous for its aggressive tactics. Although Lockbit did not take the credit for the attack on their website, cybersecurity experts suspect their involvement. Allan Liska from Recorded Future stated that it is very uncommon for a large bank to fall victim to such a large ransomware attack, which just further showcases the increasing boldness of cybercriminals.

Ransomware attacks involve hackers encrypting an organisation’s systems and demanding payment for its release, which often comes with the threat of exposing sensitive data. Lockbit has targeted 1,700 U.S. organisations, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Despite the disruption, ICBC successfully executed Treasury trades on Wednesday and repo financing trades on Thursday. However, there is potential for disruptions in trade settlement and market liquidity as noted by market participants. The incident once again raises big concerns about the cybersecurity controls of major organisations, this incident will most definitely add to ever-increasing regulatory scrutiny.

The attack on ICBC adds to the trend of increasing boldness among ransomware groups. It seems that cybercriminals are becoming fearless of consequences. U.S. authorities are actively working to enhance international cooperation to try find and cut funding routes for these criminal enterprises.

The Treasury market continued to function normally, according to data from the London Stock Exchange Group (LSEG). The impact appears to be limited and is contained for the time being. The bigger issue is that the attack showcased the vulnerability of large organisations to cyberattacks. This and many other cyberattacks this year urges a reevaluation of cybersecurity measures and regulation in the financial sector.