The US branch of the Industrial and Commercial Bank of China (ICBC) experienced a ransomware attack on Thursday, leading clients to adjust some trades.
In a statement, ICBC Financial Services, the US division of the largest bank in the world, confirmed that they “experienced a ransomware attack that resulted in disruption to certain FS systems.” It clarified that business and email systems were not affected, nor were the bank’s headquarters or other international branches.
The bank has taken proactive measures by “disconnecting and isolating impacted systems,” and is currently engaged in recovery efforts while conducting an investigation and reporting the incident to law enforcement. ICBC also mentioned that it “successfully cleared” US Treasury trades executed on Wednesday and repo financing trades completed on Thursday.
According to Bloomberg, affected settlement details were transferred onto a USB stick and delivered to market participants via a messenger. However, the Financial Times indicated there were disruptions to US Treasury trades.
Although no group has officially taken responsibility for the attack, numerous cybersecurity experts have pointed to the LockBit gang as the likely perpetrators. This group has conducted over 1,400 attacks on US targets, as noted by the Department of Justice, and earlier this year compromised trading technology firm ION.
Marcus Murray from cybersecurity firm Truesec remarked, “This is a true shock to large banks around the world. The ICBC hack will make large banks globally race to improve their defenses, starting today.”