ICBC’s US unit hit by ransomware attack, disrupting Treasury trades
WASHINGTON, Nov 9 (Reuters) – Industrial and Commercial Bank of China’s U.S. arm was targeted by a ransomware attack on Thursday, causing disruptions in the U.S. Treasury market, according to a report by the Financial Times. The attack is the latest in a string of ransomware incidents that have affected organizations in the United States.
ICBC Financial Services, the U.S. unit of China’s largest commercial lender, is currently investigating the attack and working towards recovering from it. Ransomware attacks, in which hackers lock up a victim organization’s systems and demand payment for unlocking them, have become increasingly common, with hackers often stealing sensitive data for extortion.
Experts and analysts believe that the cybercrime gang Lockbit was behind the attack, though the gang’s dark web site has not mentioned ICBC as a victim as of Thursday evening. Lockbit did not respond to a request for comment sent via a contact address posted on its site.
Allan Liska, a ransomware expert at Recorded Future, said, “We don’t often see a bank this large get hit with this disruptive of a ransomware attack.” He believes that ransomware groups may not publicly name their victims when negotiating ransom demands.
The impact of the ransomware attack on the U.S. Treasury market appeared limited, with ICBC able to successfully clear Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades done on Thursday. However, some market participants said that trades going through ICBC were not settled due to the attack, affecting market liquidity.
The U.S. Treasury Department said it was aware of the cybersecurity issue and was in regular contact with key financial sector participants and federal regulators. The department stated that it was monitoring the situation closely.
The incident is expected to prompt increased regulatory scrutiny and raise questions about cybersecurity controls at large financial institutions. The U.S. Securities Industry and Financial Markets Association (SIFMA) told its members that ICBC had been hit by ransomware, disrupting the U.S. Treasury market by preventing it from settling trades on behalf of other market players.
The Treasury market appeared to be functioning normally on Thursday, according to data from LSEG. The Reuters Washington bureau is covering the incident closely, focusing on banking regulators and financial policy.