ICBC confirms ransomware attack on USA subsidiary


The Industrial and Commercial Bank of China Financial Services (ICBC FS), a subsidiary of China’s largest lender ICBC, has confirmed that it suffered from a disruptive ransomware attack.

Thursday’s attack on the Industrial and Commercial Bank of China (ICBC), one of the largest financial institutions in the world, was narrowed down to ICBC’s subsidiary based in New York, ICBC FS.

According to the company’s statement, the attack disrupted “certain FS systems.” Once the company caught the attack, it disconnected the impacted systems to contain the incident.

ADVERTISEMENT

“ICBC FS has been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts,” the company said.

While there's no confirmed details about the attack's perpetrators, security researchers vx-underground claim that the notorious ransomware gang LockBit admitted being behind the attack.

ICBC FS's statement says that the company managed to clear US Treasury trades and Repo financing trades that could be executed due to systems going offline amidst the ransomware attack.

The company noted that its business and email systems operate independently from the ICBC China Group.

“The systems of the ICBC Head Office and other domestic and overseas affiliated institutions were not affected by this incident, nor was the ICBC New York Branch,” ICBC FS said.

Headquartered in New York, ICBC FS is a subsidiary of ICBC, which provides global clearing, execution, and financing services worldwide.

ICBC is China’s largest commercial lender, with assets exceeding $6 trillion. The bank employs nearly 435,000, and the company’s majority shareholder is the Chinese government.

ADVERTISEMENT

Attacking Chinese-owned financial institutions is not an everyday occurrence. Most prominent ransomware operators have rules against targeting Russian and Chinese entities, focusing their efforts against targets in the West.

Attacking an organization as large as ICBC might have been a mistake by an inexperienced ransomware operator, as incidents where influential organizations are involved often put a red target on the back of the attackers, cybersecurity expert Roger Grimes said.

“[…] the Chinese certainly have their own great hackers they can use as an offensive resource, and the US authorities are pretty good at identifying culprits and dishing out pain when the money involved is big enough. This is one of those cases,” Grimes said.