ICBC Financial Services, the world’s biggest lender, has suffered a ransomware attack, with fingers being pointed at the prolific Russian gang LockBit. Though the bank says it was able to quickly contain the incident, it highlights the damage cyberattacks can do to financial institutions.
Based in China, ICBC is the largest commercial lender in the world, and in 2022 its assets were valued at $5.74trn. The attack hit the company’s US division but is not thought to have impacted its other business units around the world.
ICBC Financial Services hit by LockBit ransomware?
ICBC said in a statement released late on Thursday that it had “experienced a ransomware attack that resulted in disruption to certain financial services systems”.
It said that “immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident,” and that it has “been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts”. It is also coordinating with law enforcement agencies in the US.
The bank said it “successfully cleared US Treasury trades executed Wednesday and Repo financing trades done on Thursday”, but with several of its systems locked down, Bloomberg reported it was only able to do this by putting information on USB sticks and couriering it directly to market participants.
Some traders had to re-route business through other banks to ensure they progressed smoothly, the FT said.
Few details of how the attack occurred have been released, but sources close to the investigation say it was perpetrated using LockBit 3.0 ransomware. The Russian cybercriminal gang is one of the most active hacking groups in the world, and this year has successfully attacked companies including Boeing and Royal Mail. In February, it breached the software business Ion Group, which provides a platform used by financial traders, leaving its customers without access to automated trading tools.
It is not known if a ransom demand has been issued, or paid by the bank.
Financial markets on red alert over ransomware
Successful cyberattacks on major banks, particularly those operating out of China, are rare, and ICBC said in a report released in September that it has been investing in its defences. “The bank actively responded to new challenges of financial cybersecurity, adhered to the bottom line for production safety and deepened the intelligent transformation of operation and maintenance,” the report says.
Business and tech leaders in financial services companies are aware of the security challenges they face, with the prospect of cyberattacks being the most commonly cited risk in the Bank of England’s H2 2023 systemic risk survey, published last month, which polled executives at 56 of the UK’s biggest banks.
Banking's digital transformation means the risk of ransomware breaches and other types of cyberattacks is greater than ever before, argues Tyler Young, CISO at data security vendor BigID. "Over the last several years, we have seen banks attempting to modernise their tech stack, going to the cloud and leveraging SaaS applications," Young said. "While this digital transformation is essential for a modern business, it does introduce new risks and requires a completely new approach to protecting their organisation."