(Washington) The U.S. arm of China’s largest bank said Thursday it had been hit by a ransomware attack, forcing customers to reroute transactions and disrupting the U.S. Treasury market.
Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom demand demanding payment in exchange for decrypting the data or not disclosing it publicly.
The Industrial and Commercial Bank of China Financial Services (ICBC FS) said Thursday that it “experienced a ransomware attack that resulted in disruption to some (financial services) systems.”
“Immediately upon discovering the incident, ICBC FS disconnected and isolated the affected systems to contain the incident,” the New York-based bank said, adding that it was investigating the attack and working on recovery.
ICBC FS said it successfully cleared U.S. Treasury Department trades executed on Wednesday and repurchase (repo) financing trades on Thursday.
Bloomberg reported that some transactions processed by ICBC FS had to be transported on a USB drive across Manhattan on Thursday as couriers manually transmitted the required settlement details.
China’s Foreign Ministry said Friday that “business and office systems at ICBC headquarters and other domestic and foreign branches and subsidiaries within the group are normal.”
“As far as is known, ICBC has paid close attention to this issue and has done a good job in emergency management, supervision and communication, striving to minimize the impact of risks and losses,” Foreign Ministry spokesperson Wang Wenbin said at a regular news briefing.
According to him, “At present, the business systems and office systems of ICBC head office and other domestic and foreign branches and subsidiaries within the group are normal. »
US media reported that the hack was carried out using software created by Lockbit, the Russian-speaking hacking group known for scrambling files on a host’s computer and flashing messages demanding payment in cryptocurrency to solve the problem.
American aircraft manufacturer Boeing was also hit by a Lockbit attack last week.
Last year, LockBit was “the most deployed ransomware variant globally and continues to be prolific in 2023,” according to the U.S. Cybersecurity and Infrastructure Security Agency.
The U.S. Department of Justice said in May that LockBit ransomware had been used in more than 1,400 attacks worldwide.
LockBit targeted critical infrastructure and large industrial groups, with ransom demands ranging from 5 to 70 million euros. The group attacked the British postal operator in early January and a Canadian children’s hospital in December.
