WASHINGTON: The Industrial and Commercial Bank of China’s (ICBC) US arm was hit by a ransomware attack that disrupted trades in the US Treasury market on Thursday, the latest in a string of victims ransom-demanding hackers have claimed this year.
ICBC Financial Services, the US unit of China’s largest commercial lender by assets, said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.
China’s foreign ministry said on Friday the lender is striving to minimise risk impact and losses after the attack.
“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” ministry spokesperson Wang Wenbin told a regular news conference.
Wang added businesses remained normal at ICBC head office and other branches and subsidiaries across the globe.
Hackers lock up a victim organisation’s systems in such attacks and demand ransom for unlocking it, often also stealing sensitive data for extortion. Several ransomware experts and analysts said an aggressive cybercrime gang named Lockbit was believed to be behind the hack, although the gang’s dark web site where it typically posts names of its victims did not mention ICBC as a victim as of Thursday evening. Lockbit did not respond to a request for comment sent via a contact address posted on its site.
“We don’t often see a bank this large get hit with this disruptive of a ransomware attack,” said Allan Liska, a ransomware expert at the cybersecurity firm Recorded Future. Liska, who also believes Lockbit was behind the hack, said ransomware gangs may not name and shame their victims when they are negotiating with them.
“This attack continues a trend of increasing brazenness by ransomware groups,” he said. “With no fear of repercussions, ransomware groups feel no target is off limits.”
US authorities have struggled to curb a rash of cybercrime, chiefly ransomware attacks, which hit hundreds of companies in nearly every industry each year. Just last week US officials said they were working on curtailing the funding routes of ransomware gangs by improving information-sharing on such criminals across a 40-country alliance.
The ICBC did not comment on whether Lockbit was behind the hack. It is common for targets to refrain from publicly disclosing the names of cybercrime gangs.