Dive Brief:
- A U.S. subsidiary of China’s largest bank was hit by a ransomware attack Wednesday that resulted in disruption to certain financial services systems, the bank announced Thursday.
- The hack disrupted the trading of U.S. Treasuries, forcing the Industrial and Commercial Bank of China Financial Services to send required settlement details to certain parties by a messenger carrying a USB stick, according to Bloomberg.
- The New York City-based firm said it reported the incident to law enforcement and successfully cleared U.S. Treasury trades executed Wednesday and repo financing trades done Thursday.
Dive Insight:
"Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident,” the bank said in a statement.
The firm, whose clients include hedge funds, broker-dealers and global banks, said it is investigating the attack and progressing recovery efforts.
“The business systems and office systems of the head office of ICBC and other domestic and foreign branches and subsidiaries within the group are normal,” China’s foreign ministry said Friday, according to CBS News.
"As far as we know, ICBC has paid close attention to this matter, and has done a good job in emergency handling and supervision and communication, striving to minimize the impact of risks and losses," foreign ministry spokesperson Wang Wenbin said at a regular news briefing.
The attack used ransomware developed by Russian hacking group LockBit, Marcus Murray, the founder of Truesec, a cybersecurity company, told The Wall Street Journal on Friday. The attack was probably launched by an affiliate of LockBit, he told The Journal.
LockBit, a prolific ransomware group, claimed responsibility for the cyberattack on multinational aerospace company Boeing last month, according to Cybersecurity Dive.
“A boundary has been broken. We haven’t seen something like this involving a large bank before,” Murray told The Journal. “We’ve seen previous cyberattacks against big banks, but the hackers haven’t used ransomware. It’s not clear how this is going to impact banks, or the wider financial system.”