Gang says ICBC paid ransom over hack that disrupted US Treasury market

Read Time:2 Minute

Electric vehicle sales are continuing to gain momentum globally, with China recording record monthly sales in October, despite the end of subsidies. This was reported by market research firm Rho Motion.


China’s largest bank, the Industrial and Commercial Bank of China (ICBC), paid a ransom after it was hacked last week, according to a representative of the Lockbit ransomware gang. Reuters was not able to independently verify this statement. ICBC’s US arm was also hit by a ransomware attack that disrupted trades in the US Treasury market on November 9th. However, the bank did not immediately respond to a request for comment.


The Lockbit representative told Reuters via Tox, an online messaging app, that “they paid a ransom, deal closed.” Following the attack, ICBC’s US broker-dealer owed BNY Mellon $9 billion, which was many times larger than its net capital.


The hack was so severe that even corporate email at the firm ceased to function, forcing employees to switch to Gmail. However, the market is mostly back to normal now, according to Zhiwei Ren, a portfolio manager at Penn Mutual Asset Management.


The ransomware attack has drawn attention from regulators at a time of heightened concerns about the resiliency of the $26 trillion Treasury market, which is crucial to the plumbing of global finance. A spokesperson for the US Treasury Department did not provide a comment immediately.


The Financial Services Information Sharing and Analysis Center, a cybersecurity group in the financial industry, said that financial firms have well-established protocols for sharing information on such incidents. “We are reminding members to stay current on all protective measures and patch critical vulnerabilities immediately,” a spokesperson said in a statement, adding: “Ransomware remains one of the top threat vectors facing the financial sector.”


Lockbit has hacked some of the world’s largest organizations in the past few months, stealing and leaking sensitive data in cases where victims refused to pay ransom. It has become the world’s top ransomware threat in just three years, according to US officials. It has been particularly disruptive in the US, hitting over 1,700 American organizations in almost every sector, including financial services, food, schools, transportation, and government departments.


Authorities have long advised against paying ransomware gangs to break the criminals’ business model. Ransomware is usually demanded in the form of cryptocurrency, which is harder to trace and gives the receiver anonymity. However, some companies have quietly paid up to get back online quickly and avoid the reputational damage of having their sensitive data publicly leaked. Victims who do not have digital backups that allow them to restore their systems without the need for a decryption key sometimes have no choice but to pay.


Last week, Lockbit hackers published internal data from aerospace giant Boeing and said on their website that they had infected computer systems at law firm Allen & Overy.

Leave a Reply

Your email address will not be published. Required fields are marked *