ICBC allegedly paid ransom after hack


The Industrial and Commercial Bank of China (ICBC), China's biggest lender, paid a ransom after it was hacked last week, a LockBit ransomware gang representative said in a statement which Reuters was unable to independently verify.

ICBC, whose US arm was hit by a ransomware attack that disrupted trades in the US Treasury market on Nov. 9th, did not immediately respond to a request for comment.

"They paid a ransom, deal closed," the LockBit representative told Reuters via Tox, an online messaging app.

The blackout at ICBC's US broker-dealer left it temporarily owing BNY Mellon $9 billion, an amount many times larger than its net capital. The hack was so extensive that even corporate email at the firm ceased to function, forcing employees to switch to Google Mail, Reuters reported.

"The market is mostly back to normal now," said Zhiwei Ren, a portfolio manager at Penn Mutual Asset Management.

The ransomware attack came at a time of heightened worries about the resiliency of the $26 trillion Treasury market, essential to the plumbing of global finance, and is likely to draw scrutiny from regulators.

A spokesperson for the US Treasury Department did not immediately provide comment on Monday.

The Financial Services Information Sharing and Analysis Center, a financial industry cybersecurity group, said financial firms have well-established protocols for sharing information on such incidents.

"We are reminding members to stay current on all protective measures and patch critical vulnerabilities immediately," a spokesperson said in a statement, adding: "Ransomware remains one of the top threat vectors facing the financial sector."

Ransomware business

LockBit has hacked some of the world's largest organizations in recent months, stealing and leaking sensitive data in cases where victims refused to pay ransom.

The group first appeared on the ransomware scene sometime in late 2019. Since then, the gang has climbed to the top of the food chain, topping many lists in terms of victimized organizations.

The group is also said to have received tens of millions of dollars in actual ransom payments collected in Bitcoin.

Authorities have long advised against paying ransomware gangs in a bid to break the criminals' business model. A ransom is usually demanded in the form of cryptocurrency, which is harder to trace and gives the receiver anonymity.

Some companies have quietly paid up in a bid to get back online quickly and avoid the reputational damage of having their sensitive data publicly leaked. Victims who do not have digital backups that allow them to restore their systems without the need for a decryption key sometimes have no choice but to pay.

However, paying attackers doesn't always mean that data is safe, as cybercriminals sometimes take the money and publish the stolen data anyway.