Industrial and Commercial Bank of China Ltd Nov 10 - The Industrial and Commercial Bank of China's U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ransom-demanding hackers have claimed this year. ICBC Financial Services, the U.S. unit of China's largest commercial lender by assets, said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it. Advertisement Scroll to continue China's foreign ministry said on Friday the lender is striving to minimise risk impact and losses after the attack. Wang added businesses remained normal at ICBC head office and other branches and subsidiaries across the globe. Several ransomware experts and analysts said an aggressive cybercrime gang named Lockbit was believed to be behind the hack, although the gang's dark web site where it typically posts names of its victims did not mention ICBC as a victim as of Thursday evening. Advertisement Scroll to continue "We don't often see a bank this large get hit with this disruptive of a ransomware attack," said Allan Liska, a ransomware expert at the cybersecurity firm Recorded Future. Liska, who also believes Lockbit was behind the hack, said ransomware gangs may not name and shame their victims when they are negotiating with them. "This attack continues a trend of increasing brazenness by ransomware groups," he said. "With no fear of repercussions, ransomware groups feel no target is off limits." Advertisement Scroll to continue U.S. authorities have struggled to curb a rash of cybercrime, chiefly ransomware attacks, which hit hundreds of companies in nearly every industry each year. Just last week U.S. officials said they were working on curtailing the funding routes of ransomware gangs by improving information-sharing on such criminals across a 40-country alliance. The ICBC did not comment on whether Lockbit was behind the hack. Since Lockbit was discovered in 2020, the group has hit 1,700 U.S. organizations, according to the U.S. Cybersecurity and Infrastructure Security Agency. A CISA spokesperson referred questions about the ICBC hack to the U.S. Treasury Department. While market sources said the impact of the hack appeared limited, it signalled how vulnerable systems at large organizations such as the bank continue to be. Thursday's incident is likely to raise questions over market participants' cybersecurity controls and draw regulatory scrutiny. Some market participants said trades going through ICBC were not settled due to the attack and affected market liquidity. The Financial Times reported earlier on Thursday that the U.S. Securities Industry and Financial Markets Association told members that ICBC had been hit by ransomware that disrupted the U.S. Treasury market by preventing it from settling trades on behalf of other market players. The Treasury market appeared to be functioning normally on Thursday, according to LSEG data. Has covered economic and financial policy in the U.S. capital for 15 years.
This Cyber News was published on www.reuters.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000