
The U.S. financial services unit of Chinese bank ICBC was hit Friday by a ransomware-type cyberattack that may have disrupted transactions with U.S. Treasury securities, CNBC reported.
Industrial and Commercial Bank of China, the world’s largest bank by assets, announced that its financial subsidiary, called ICBC Financial Services, was the target of a ransomware attack “which caused certain systems to malfunction.” Immediately after discovering the attack, ICBC “isolated the affected systems to contain the incident,” the state-owned bank said.
Ransomware is a type of cyberattack in which hackers seize control of systems or information and release it only after the victim pays a ransom. This type of attack has become popular among bad actors in recent years.
ICBC did not reveal who was behind the attack, but said it “conducted a thorough investigation and recovery efforts supported by its professional team of information security experts are progressing.”
ICBC said it “successfully completed” the US Treasury securities trades executed on Wednesday and the repo financing transactions executed on Thursday. A repo is a repurchase agreement, a type of short-term loan for government bond traders. However, several media outlets reported that transactions with the US Treasury Department had gone awry.
The Financial Times reported on Friday, citing traders and banks, that the ransomware attack prevented a unit of ICBC from settling Treasury contracts on behalf of other market participants.
The US Treasury Department told CNBC: “We are aware of the cybersecurity issue and are in constant contact with key players in the financial sector in addition to federal regulators. We continue to monitor the situation.”
ICBC said its U.S. financial services division’s email and business systems operate independently of ICBC’s China operations.
The systems of ICBC’s head office, New York branch and other affiliated institutions at home and abroad were not affected by the cyber attack, ICBC said.
What did the Chinese government say?
Wang Wenbin, a spokesman for China’s Ministry of Foreign Affairs, said on Friday that ICBC was working to minimize the consequences and losses after the attack, Reuters reported. Speaking at a news conference, Wang said ICBC had paid special attention to the issue and had done well in emergency response and supervision, according to a Reuters article.
What is known about ransomware attacks?
No one has yet claimed responsibility for the attack, and ICBC has not said who may be behind it.
In the world of cyber security, finding out who is behind a cyber attack is often very difficult due to the methods hackers use to mask their location and identity. But there are clues about what software was used to carry out the attack.
Marcus Murray, founder of Swedish cybersecurity company Truesec, said the ransomware used is called LockBit 3.0. Murray said the information came from sources associated with Truesec, but he could not reveal who those sources were for privacy reasons.
The Financial Times reported, citing two sources, that the LockBit 3.0 software was behind the attack.
CNBC could not independently verify the information.
This type of ransomware can enter an organization in a variety of ways, for example when someone clicks on a malicious link in an email. Once inside, its goal is to obtain confidential information about the company.
VMware’s cybersecurity team said in a blog post last year that LockBit 3.0 is “a challenge for security researchers because each instance of malware requires a unique password to run, without which analysis is extremely difficult or impossible.” The researchers added that the ransomware is “reliably protected” from analysis.
The US government’s Cybersecurity and Infrastructure Agency calls LockBit 3.0 “more modular and workable,” making it harder to detect. LockBit is the most popular ransomware strain, accounting for about 28 percent of all known ransomware attacks between July 2022 and June 2023, according to data from cybersecurity firm Flashpoint.
What is LockBit?
LockBit is the group behind the software. Its business model is known as “ransomware as a service”. It actually sells its malware to other hackers, known as affiliates, who then go on to carry out cyberattacks. On dark web hacking forums, the leader of the group goes by the online name “LockBitSup.”
“The group posts primarily in Russian and English, but according to its website, the group claims to be based in the Netherlands and not politically motivated,” Flashpoint said in a blog post.
The group’s malware is known to target small and medium-sized businesses.
LockBit has previously claimed responsibility for ransomware attacks on Boeing and the UK’s Royal Mail.
In June, the US Department of Justice charged a Russian national with “conducting numerous LockBit ransomware and other cyberattacks” against computers in the US, Asia, Europe and Africa.
“LockBit actors have carried out more than 1,400 attacks on victims in the United States and around the world, making more than $100 million in ransom demands and receiving at least tens of millions of dollars in actual ransom payments in the form of Bitcoin,” the Department of Justice said in a June press release. (Source: News.ro)
Source: Hot News

Lori Barajas is an accomplished journalist, known for her insightful and thought-provoking writing on economy. She currently works as a writer at 247 news reel. With a passion for understanding the economy, Lori’s writing delves deep into the financial issues that matter most, providing readers with a unique perspective on current events.