A pedestrian walks pass a branch of Industrial & Industrial Bank of China (ICBC) in Fuzhou, Fujian province of China.
VCG | Getty Images
The U.S. financial services division of Chinese bank ICBC was hit with a cyberattack that reportedly disrupted the trading of Treasurys.
Industrial and Industrial Bank of China, the world’s largest lender by assets, said Thursday that its financial services arm, called ICBC Financial Services, experienced a ransomware attack “that resulted in disruption to certain” systems.
Immediately after discovering the hack, ICBC “isolated impacted systems to contain the incident,” the bank said.
Ransomware is a sort of cyberattack. It involves hackers taking control of systems or information and only letting them go once the victim has paid a ransom. It is a sort of attack that has seen an explosion in popularity amongst bad actors lately.
ICBC didn’t reveal who was behind the attack but said it has been “conducting a radical investigation and is progressing its recovery efforts with the support of its skilled team of knowledge security experts.”
The Chinese bank also said it’s working with law enforcement.
ICBC said it “successfully cleared” U.S. Treasury trades executed Wednesday and repo financing trades done on Thursday. A repo is a repurchase agreement, a sort of short-term borrowing for dealers in government bonds.
Nevertheless, multiple news outlets reported there was disruption to U.S. Treasury trades. The Financial Times, citing traders and banks, said Friday that the ransomware attack prevented the ICBC division from settling Treasury trades on behalf of other market participants.
The U.S. Treasury Department told CNBC: “We’re aware of the cybersecurity issue and are in regular contact with key financial sector participants, along with federal regulators. We proceed to watch the situation.”
ICBC said the e-mail and business systems of its U.S. financial services arm operate independently of ICBC’s China operations. The systems of its head office, the ICBC Recent York branch, and other domestic and overseas affiliated institutions weren’t affected by the cyberattack, ICBC said.
Wang Wenbin, spokesperson for China’s Ministry of Foreign Affairs, said Friday that ICBC is striving to reduce the impact and losses after the attack, in keeping with a Reuters report.
Speaking at an everyday news conference, Wang said ICBC has paid close attention to the matter and has handled the emergency response and supervision well, in keeping with Reuters.
No one has claimed responsibility for the attack yet and ICBC has not said who is perhaps behind the attack.
Within the cybersecurity world, checking out who’s behind a cyberattack is commonly very difficult on account of the techniques hackers use to mask their locations and identities.
But there are clues about what type of software was used to perform the attack.
Marcus Murray, founding father of Swedish cybersecurity firm Truesec, said the ransomware used is known as LockBit 3.0. Murray said this information has come from sources with relations to Truesec, but was unable to disclose who those sources are on account of confidentiality reasons. The Financial Times reported, citing two sources, that LockBit 3.0 was the software behind the attack too. CNBC was unable to independently confirm the knowledge.
This sort of ransomware could make its way into a corporation in some ways. For instance, by someone clicking on a malicious link in an email. Once in, its aim is to extract sensitive details about an organization.
VMWare cybersecurity team said in a blog last yr that LockBit 3.0 is a “challenge for security researchers because each instance of the malware requires a novel password to run without which evaluation is amazingly difficult or not possible.” The researchers added that the ransomware is “heavily protected” against evaluation.
The U.S. government’s Cybersecurity and Infrastructure Security Agency calls LockBit 3.0 “more modular and evasive,” making it harder to detect.
— CNBC’s Steve Kopack contributed to this text.