Executive Summary
The Industrial and Commercial Bank of China (ICBC), the world’s largest bank by assets, recently fell victim to a significant ransomware attack allegedly by the LockBit group.
This cyberattack disrupted the U.S. Treasury market, impacting global financial systems and causing widespread concern.
The attack is suspected to have been conducted by the notorious ransomware gang LockBit, which has a history of targeting mid-sized organisations for extortion.
In response to the attack, ICBC had to resort to unconventional methods for trade settlement, including using a USB stick for US Treasury trades, illustrating the profound impact of the incident on its operations.
The Attack
The ransomware attack on ICBC was a major event in the world of cybercrime, highlighting the vulnerabilities even in large, well-protected financial institutions.
The ransomware attack on ICBC caused significant disruptions not only to the bank’s operations but also to the US Treasury market. This forced clients to reroute trades and impacted liquidity, which could potentially influence the outcome of a 30-year bond auction.
This incident was part of a growing trend of aggressive and disruptive ransomware attacks by groups like LockBit. They have been increasingly targeting high-profile victims with little fear of repercussions.
The attack on ICBC, a bank with over $6 trillion in assets and nearly 435,000 employees, underlines the scale and seriousness of modern cyber threats.
Response
ICBC is actively working to restore its services and minimise the impact on its operations and the broader financial market following the ransomware attack.
The bank cleared Treasury trades and repo financing trades despite the challenges posed by the attack. ICBC’s efforts to maintain operations included the use of USB sticks for trade settlements.
ICBC did not comment on whether Lockbit was behind the hack.
The Chinese government stated that ICBC is striving to minimise risk impact and losses after the attack.
ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,
ministry spokesperson Wang Wenbin told a regular news conference.
Wang added businesses remained normal at ICBC head office and other branches and subsidiaries across the globe.
LockBit Ransomware
LockBit is a notorious ransomware gang that has gained notoriety for targeting medium-sized organisations and government organisations in high-profile cyberattacks. The groups operates as a Ransomware-as-a-Service (RaaS) model, where affiliates are recruited to conduct ransomware attacks.
The group is believed to be behind the ransomware attack on ICBC. Although, the gang’s dark web site has not explicitly mentioned ICBC as a victim.
LockBit operates by locking up victim organisations’ systems and demanding ransom for unlocking them. It is often accompanied by the threat of leaking sensitive data. Since its discovery in 2020, LockBit has targeted approximately 1,700 U.S. organisations, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). LockBit also threatened Boeing in early November.
Takeaways
This attack on such a large financial institution like ICBC highlights the increasing brazenness and audacity of ransomware groups. With little fear of repercussions, these groups appear to consider no target off-limits. This poses a significant challenge for cybersecurity and law enforcement agencies.
Despite the finance sector’s reputation for high standards and strict security protocols, the recent successful ransomware attack on ICBC demonstrates the need for a thorough review. Enhancement of the industry’s security measures seems to be needed.
It is evident that the evolving threat landscape necessitates a reevaluation of security practices. The implementation of enhanced measures must better safeguard critical financial infrastructure.
This incident is an ongoing and rapidly evolving situation. We will closely monitor the developments and provide timely updates as new information becomes available.