The ICBC Financial Services Ransomware Attack and LockBit: A Cybersecurity Update

Ransomware Attack on Industrial and Commercial Bank of China Financial Services

The Industrial and Commercial Bank of China's Financial Services division, the financial services arm of China's largest bank, reported that it was the target of a severe ransomware attack. The attack was reported to have disrupted trading in the U.S. Treasury market. The company, headquartered in New York, promptly reported the issue to law enforcement authorities, kicking off an ongoing investigation.

Disruption of Treasury Market Trades

The ransomware attack significantly disrupted the company's regular operations. Notably, trades in the U.S. Treasury market were severely impacted. The affected services include normal financial services such as orders, trades, and transactions associated with the U.S. Treasury instruments that the company commonly handles.

Immediate Disconnection of Affected Systems to Limit Damage

To contain and mitigate the effects of the ransomware attack, Industrial and Commercial Bank of China Financial Services responded swiftly by disconnecting parts of the affected systems. This step helped limit the overall impact of the attack on the organization's integral operations and safeguard the unaffected systems.

Resumption of Treasury Trades and Repo Financing Trades

Despite the disruption caused by the ransomware attack, the company managed to ensure that all Treasury trades executed on Wednesday and repo financing trades on Thursday were cleared. This resumption of operations is a testament to the company's resilience and robust disaster recovery protocols.

Non-impact on ICBC’s Banking, Email and Other Systems

According to the company, the ransomware attack impacted certain systems, but its primary banking, email, and other essential systems remained unaffected. Such unaffected operations allowed the organization to maintain continuity of service and its availability to clients.

Suspected Attack by LockBit, a Russian-Speaking Ransomware Syndicate

The ransomware attack is reported to have been carried out by LockBit, a notorious Russian-speaking ransomware syndicate. Active since September 2019, LockBit is infamous for its high-efficiency attacks and has targeted thousands of organizations. Interestingly, the syndicate does not target entities in former Soviet countries, which perhaps points towards its origin.

Response and Statements by Officials

Officials have been fast to respond and issue statements concerning the ransomware attack. High-ranking members of the U.S. and Chinese financial sectors convened to discuss the serious issue and its implications.

Minimal Disruption of Treasury Market Trades as per Yellen

U.S. Treasury Secretary Janet Yellen suggested that the ransomware attack's effect on the U.S. Treasury market was minimal. She made this comment after the forced shutdown of some systems of China's biggest bank, namely the Industrial and Commercial Bank of China Financial Services. The announcement was made during a meeting in San Francisco attended by U.S. and Chinese finance officials ahead of a regional economic summit.

Initiation of Investigation for the Incident

In light of the ransomware attack, an investigation was launched to uncover the details and causes of this cyber incident. Both U.S. and Chinese authorities are actively looking into the matter, pledging to work rigorously to get to the bottom of the event. The banks are cooperating and providing the necessary data and access for this investigation, to support a thorough and conclusive response to such cyber threats.

Profile of LockBit

The ransomware attack against Industrial and Commercial Bank of China Financial Services is suspected to have been orchestrated by a notorious syndicate, LockBit. This group has a distinct profile and modus operandi that sets it apart in the broader landscape of cyber threats.

Not Targeting Former Soviet Countries

Interestingly, LockBit, despite communicating primarily in Russian and English, does not target former Soviet nations, suggesting a certain strategic or operational rationale behind its selection of targets. While the group claims to be located in the Netherlands, this lack of attacks on former Soviet countries hints at possible ties or a strategic understanding with these nations.

Classification as Efficient Ransomware Variant by Emsisoft

LockBit has been classified by cybersecurity firm Emsisoft as one of the most efficient ransomware variants around. Furthermore, LockBit operates under the ‘ransomware-as-a-service’ business model, selling its malicious software to other hackers internationally, known as affiliates, who then initiate the attacks. This demonstrates the group's streamlined operations and its capability for widespread damage.

Active Since September 2019 and Causing Thousands of Attacks

LockBit has been active in the cyber threat landscape since September 2019. Since its inception, it has launched thousands of damaging ransomware attacks across the globe. The group is credited with over 1,400 attacks against victims in the United States and worldwide, issuing over $100 million in ransom demands and receiving tens of millions in ransoms paid in Bitcoin.

Reactionary Times News Desk
