Cyber ​​attack on world's largest Chinese bank halts US market

- The branch located in New York City of America became a victim

- Russian criminal gang Lockbit suspected of carrying out ransom attack: Bank does not disclose details of losses

Beijing: The American unit of Industrial and Commercial Bank of China Ltd., the world's largest bank located in China, was allegedly attacked on Thursday due to a cyber attack in the American treasury market. ICBC said in a statement on its website that this week's ransomware attack on the bank caused disruptions in some systems. However, they disconnected some parts of the affected system to limit the impact of the attack.

The New York-based bank said it is investigating the attack and has informed law enforcement agencies and is making progress toward recovery. The bank said that all treasury trades on Wednesday and repurchase agreements for trades on Thursday have been cleared successfully. Some market participants noticed that trading transactions through ICBC were not effected due to the ransomware attack. The attack is likely to be a Russian criminal gang Lockbit. The attack was intended to cripple computer systems until the ransom was paid. However, the extent of the damage to the bank was not immediately disclosed.

According to sources, Lockbit is the same cyber gang that carried out cyber attacks on the UK's Royal Mail, Japan's largest maritime port and most recently the parts and distribution business of Bing. However, any cyber attack on Lockbit, like the attack on ICBC, disrupted the world's financial markets. On Thursday, the world's largest bank's total assets were blocked after a cyber attack disrupted the clearing of some treasury markets.

Market makers, brokerages and banks had to redo their trades due to this cyber attack. ICBC's banking, e-mail and other systems were not affected by the ransomware attack, according to the bank. A spokesperson of China's Ministry of Foreign Affairs said that the ICBC is monitoring the situation. And they are trying their best to minimize the damage caused by the attack. He added that business is continuing as usual in other ICBC offices around the world. ICBC provides fixed income clearing, treasury repo lending and some equities securities lending. According to the annual filing presented by the company to the American regulators at the end of 2022, the assets of the company were 23.5 billion dollars.

However, the attack has highlighted the risk that even the world's top banks could fall victim to a cyber attack and disrupt the financial system, which could have ripple effects on the market. This is truly shocking for the world's largest banks, said Marcus Marry, founder of Swedish cyber security company Trusec. The cyber attack on ICBC's system is a clear warning that the world's major banks must improve and strengthen their defense systems starting today.

Lockbit is one of the most notorious ransomware variants, according to cyber security company Emisisoft. This ransomware has been active since September 2019. This ransomware is said to have attacked thousands of companies. Apart from Europe and America, companies in China, India, Indonesia and Ukraine have been victimized by this gang, cyber security company Kaspersky said.

Mattis Wahlen, an intelligence specialist at cybersecurity company Trusec, said that since China has banned crypto-related transactions, ransomware attacks on its companies are rare. Because cryptocurrency is banned, it becomes difficult for the victim company to pay the ransom in crypto currency. However, the latest cyber attack has exposed ICBC's cyber security lapses.

Ransomware attacks cost $500 million this year

According to a report by blockchain analytics company Chainalys, there were approximately $500 million in ransom payments for ransomware attacks as of September this year, an increase of nearly 50 percent compared to the same period last year. Ransomware attacks have increased by 95 percent in the first three quarters of this year compared to 2022. In the year 2020, there was a cyber attack on the New Zealand Stock Exchange website.

Lockbit is notorious for using double ransom tactics

A Lockbit ransomware attack begins by infiltrating a company's network through phishing e-mails or weak cyber security to gain access to the company's network. Once the network group has gained access, they encrypt the company's data and demand a ransom for its decryption key. Lockbit is notorious for using double ransom tactics. In a double extortion attack, a ransomware group threatens to release the stolen data of the victim company on the open market. This type of attack threatens the company's reputation and also causes financial loss.