November 10, 2023

ICBC ransomware breach highlights cyberattack threat to financial system

The world's biggest lender by assets was forced to take drastic action to ensure trading continued as normal.

By Matthew Gooding

ICBC Financial Services, the world’s biggest lender, has suffered a ransomware attack, with fingers being pointed at the prolific Russian gang LockBit. Though the bank says it was able to quickly contain the incident, it highlights the damage cyberattacks can do to financial institutions.


Based in China, ICBC is the largest commercial lender in the world, and in 2022 its assets were valued at $5.74trn. The attack hit the company’s US division but is not thought to have impacted its other business units around the world.

ICBC Financial Services hit by LockBit ransomware?

ICBC said in a statement released late on Thursday that it had “experienced a ransomware attack that resulted in disruption to certain financial services systems”.

It said that “immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident,” and that it has “been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts”. It is also coordinating with law enforcement agencies in the US.

The bank said it “successfully cleared US Treasury trades executed Wednesday and Repo financing trades done on Thursday”, but with several of its systems locked down, Bloomberg reported it was only able to do this by putting information on USB sticks and couriering it directly to market participants.

Some traders had to re-route business through other banks to ensure they progressed smoothly, the FT said.

Few details of how the attack occurred have been released, but sources close to the investigation say it was perpetrated using LockBit 3.0 ransomware. The Russian cybercriminal gang is one of the most active hacking groups in the world, and this year has successfully attacked companies including Boeing and Royal Mail. In February, it breached the software business Ion Group, which provides a platform used by financial traders, leaving its customers without access to automated trading tools.


It is not known whether a ransom demand has been issued, or whether the bank has paid one.

Financial markets on red alert over ransomware

Successful cyberattacks on major banks, particularly those operating out of China, are rare, and ICBC said in a report released in September that it has been investing in its defences. “The bank actively responded to new challenges of financial cybersecurity, adhered to the bottom line for production safety and deepened the intelligent transformation of operation and maintenance,” the report says.

Business and tech leaders in financial services companies are aware of the security challenges they face, with the prospect of cyberattacks being the most commonly cited risk in the Bank of England’s H2 2023 systemic risk survey, published last month, which polled executives at 56 of the UK’s biggest banks.

Banking's digital transformation means the risk of ransomware breaches and other types of cyberattacks is greater than ever before, argues Tyler Young, CISO at data security vendor BigID. "Over the last several years, we have seen banks attempting to modernise their tech stack, going to the cloud and leveraging SaaS applications," Young said. "While this digital transformation is essential for a modern business, it does introduce new risks and requires a completely new approach to protecting their organisation."

