ICBC ransomware attack disrupts Treasury trades

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

In a statement on its site, ICBC Financial Services, the US unit of the world’s largest lender, says it “experienced a ransomware attack that resulted in disruption to certain FS systems”.

Business and email systems were not hit, nor was ICBC’s head office or other overseas units.

The bank “disconnected and isolated impacted systems,” and is working on recovery efforts, conducting an investigation and has reported the attach to law enforcement. In addition, it says it “successfully cleared” US Treasury trades executed Wednesday and repo financing trades done on Thursday.

According to Bloomberg, this was done by putting settlement details on a USB stick and sending it to market participants by a messenger. Nevertheless, the Financial Time reports that there was disruption to US Treasury trades.

While no party has claimed responsibility for the attack, several cybersecurity experts have identified the LockBit gang as likely culprits. The group has made over 1400 attacks against US victims, according to the DoJ, and earlier this year hit trading tech firm ION.

“This is a true shock to large banks around the world,” says Marcus Murray from cybersecurity firm Truesec. “The ICBC hack will make large banks around the globe race to improve their defenses, starting today.”