China’s biggest lender, the Industrial and Commercial Bank of China (ICBC), has reportedly paid a ransom following a ransomware attack last week. The attack was carried out by the Lockbit ransomware gang and disrupted trades in the US Treasury market on November 9. While Reuters was unable to independently verify the claim, a representative from the Lockbit group stated that ICBC had paid the ransom. ICBC has not yet responded to requests for comment.
The attack on ICBC’s US arm resulted in a blackout at its broker-dealer, leaving the firm temporarily owing BNY Mellon a significant sum of $9 billion. This amount is considerably larger than ICBC’s net capital. The hack was so extensive that even corporate email systems were affected, forcing employees to switch to Gmail.
Zhiwei Ren, a portfolio manager at Penn Mutual Asset Management, stated that the market is mostly back to normal following the attack. However, concerns about the resiliency of the $26 trillion Treasury market remain, and regulators are likely to scrutinize the incident.
The US Treasury Department has not yet commented on the ransomware attack. The Financial Services Information Sharing and Analysis Center, a financial industry cybersecurity group, emphasized the importance of staying up-to-date with protective measures and patching vulnerabilities promptly. Ransomware continues to be a top threat facing the financial sector.
Lockbit has recently targeted some of the world’s largest organizations, stealing and leaking sensitive data when victims refuse to pay the ransom. In just three years, it has become the leading ransomware threat globally, according to US officials. The United States has been particularly affected, with more than 1,700 American organizations from various sectors falling victim to Lockbit attacks.
Authorities have consistently advised against paying ransomware gangs in an effort to disrupt their business model. Ransom payments are typically demanded in cryptocurrency, making them harder to trace and ensuring anonymity for the recipient. However, some companies have quietly paid the ransom to quickly restore their systems and avoid the potential reputational damage of having their sensitive data publicly exposed. In cases where victims do not have digital backups, paying the ransom may be the only option.
The Lockbit group recently published internal data from aerospace giant Boeing and claimed to have infected the computer systems of law firm Allen & Overy. These incidents highlight the growing threat posed by ransomware attacks to organizations worldwide.
More detail via Rappler here… ( Image via Rappler )