China’s ICBC paid ransom after hacking that crippled US treasury market: Reports

Ransomware hacking group Lockbit, which hit the US arm of the Industrial and Commercial Bank of China (ICBC) last week that disrupted trades in the US Treasury market, has reportedly admitted it was paid a ransom by the bank.

 

According to reports, a Lockbit ransomware gang representative confirmed this, saying “they (the ICBC bank) paid a ransom, deal closed”.

 

However, there was no official word from either the bank or the US Treasury Department on the ransom being paid.

 

Lockbit also did not reveal the amount it allegedly received as ransom.

 

Last week, the US financial services division of Chinese bank ICBC was hit with a cyber attack that reportedly disrupted the trading.

 

ICBC, the world’s largest lender by assets, said that its financial services arm, called ICBC Financial Services, experienced a ransomware attack “that resulted in disruption to certain” systems.

 

Immediately after discovering the hack, ICBC “isolated impacted systems to contain the incident,” the bank had said in a statement.

 

The ransomware attack reportedly stopped the ICBC division from settling Treasury trades on behalf of other market participants.

 

“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” the US Treasury Department had said in a statement.

 

China’s Ministry of Foreign Affairs said that ICBC is “striving to minimise the impact and losses after the attack”.

 

The US government’s Cybersecurity and Infrastructure Security Agency calls LockBit “more modular and evasive,” making it harder to detect, reported CNBC.

 

LockBit’s business model is known as “ransomware-as-a-service”.

 

It sells its malicious software to other hackers, who carry out the cyberattacks.