Incident

Industrial and Commercial Bank of China impacted by ransomware



The Industrial and Commercial Bank of China (ICBC), which is recognized as the largest commercial bank in the world by revenue and has a vast customer base with millions of corporate and individual clients globally, suffered a ransomware attack that impacted its operations in the U.S. Treasury market. This cyber attack, which involved encryption of the bank's systems with demands for ransom to unlock them, caused significant disruptions in the settlement of trades. The specifics of the attackers remain unknown.

The U.S. Treasury Department acknowledged the incident, stating that it was in ongoing communication with key entities in the financial sector and monitoring the situation closely. Similarly, the Securities Industry and Financial Markets Association (SIFMA) informed its members about ICBC's struggle to connect to clearing systems due to the ransomware, which led to a temporary suspension of services and trades.

At the time of the reports, ICBC was in the process of restoring its services. The 'Citrix Bleed' vulnerability, linked to an unpatched server at ICBC, was identified as a potential entry point for the attack; it allowed attackers to bypass authentication easily. This security flaw was exploited by the ransomware group, effectively paralyzing the bank's computer systems until payment was made.

Despite the attack's severity, details were not immediately available from ICBC, and they had not released a formal statement confirming the specifics of the incident's impact at the time of the initial reporting.

Update: The attack disrupted the ability of ICBC to clear a significant portion of U.S. Treasury trades, leading the bank to send settlement details via a messenger with a USB stick.

According to a report by Reuters on Monday (Nov. 13), a representative of the LockBit ransomware gang claims that ICBC paid the ransom. Reuters noted that it could not independently confirm the group’s statement.
