The US arm of Industrial and Commercial Bank of China suffers a ransomware attack
The Industrial and Commercial Bank of China (ICBC) saw its US arm suffer a ransomware attack last Thursday, November 9. The attack disrupted the bank’s operations, forcing a number of clients to reroute some of their trades.
The bank quickly isolated affected systems
ICBC Financial Services addressed the incident on its website, stating that the attack disrupted certain FS systems. The US unit of the world’s largest lender assured customers that business and email systems were not hit, and that ICBC’s head office and other overseas units avoided disruption.
The impacted systems were quickly disconnected from the rest and isolated as the bank worked to prevent the ransomware from spreading and to localize the damage. It immediately started recovery efforts and conducted an investigation to determine what exactly happened and how the ransomware entered its systems.
The incident was also immediately reported to law enforcement. Since then, the bank also said that it managed to successfully clear US Treasury trades executed the day before, on Wednesday, and repo financing trades done on Thursday.
It did so by putting settlement details on a USB stick and physically transferring it to market participants through messengers and couriers. However, despite these efforts, there was still a disruption to US Treasury trades, as reported by the Financial Times.
Experts believe that LockBit is responsible
So far, no party has come out to claim responsibility for the attack. However, cybersecurity experts began analyzing the incident on their own to try to uncover who was responsible. According to their investigations, the group behind the attack was likely the LockBit gang.
LockBit is a group that primarily seems to target US victims, and in the past it has carried out more than 1,400 attacks against them, according to the Department of Justice. Earlier in 2023, it even launched an attack against a trading tech firm known as ION.
Marcus Murray, the founder of the cybersecurity company Truesec and one of the nation’s most recognized cybersecurity experts, commented on the incident, stating that the attack, and the fact that it was successful, came as a shock to large banks around the world.
According to him, the ICBC hack will cause major waves and make large banks around the world race to improve their security and defenses, starting immediately. The details of the breach have still not been released, meaning that they have either yet to be discovered, or the bank is trying to patch a weak point before someone else can exploit it.



