China’s Industrial and Commercial Bank (ICBC), the country’s largest lender, has paid a ransom following a recent cyberattack, a representative of the Lockbit ransomware gang confirmed on Monday.
The attack targeted ICBC’s U.S. arm and caused disruptions in the U.S. Treasury market on November 9. The Lockbit representative stated, “They paid a ransom, deal closed,” via Tox, an online messaging app.
The ransomware attack on ICBC’s U.S. broker-dealer resulted in a temporary disruption, leaving the bank owing $9 billion to BNY Mellon, an amount significantly larger than its net capital. The extent of the hack was severe, with corporate email systems at the firm ceasing to function, forcing employees to transition to Google mail, Reuters news report said.
This cyberattack occurred during a period of heightened concerns about the resilience of the $26 trillion Treasury market, a crucial component of global finance. The incident is expected to attract regulatory scrutiny.
The Financial Services Information Sharing and Analysis Center, a cybersecurity group in the financial industry, emphasized that financial firms have established protocols for sharing information on such incidents. A spokesperson stated, “Ransomware remains one of the top threat vectors facing the financial sector.”
Lockbit, known for targeting large organizations and leaking sensitive data if victims refuse to pay the ransom, has become a prominent ransomware threat globally in recent years. U.S. officials note that it has risen to the position of the world’s top ransomware threat in just three years. The group has disrupted more than 1,700 American organizations across various sectors, including financial services, food, education, transportation, and government departments.
Authorities traditionally advise against paying ransomware gangs to disrupt their business model. Ransom payments are often demanded in cryptocurrency, providing anonymity and making tracking difficult. Some companies, facing reputational damage and lacking digital backups, choose to pay to quickly restore their systems.
Last week, Lockbit hackers published internal data from aerospace giant Boeing and claimed to have infected computer systems at law firm Allen & Overy. The increasing frequency and sophistication of such cyberattacks highlight the ongoing challenges faced by organizations worldwide in securing their digital infrastructure.