ICBC Hit by Ransomware Attack - FT
A major ransomware attack has caused disruption in the US Treasury market this week. The Industrial and Commercial Bank of China (ICBC), China's largest bank, was hit with ransomware that paralyzed its computer systems, - FT reports.
The attack prevented ICBC from settling Treasury trades on behalf of other market participants. This led to concerns about liquidity in the US Treasury market, according to traders and banks. The Securities Industry and Financial Markets Association notified members about the incident on Thursday.
Ransomware is a type of malicious software that blocks access to a computer system until a ransom is paid.
ICBC's operations were significantly disrupted, impacting its ability to conduct Treasury transactions.
A source familiar with the situation said, “The firm has told people that they’re working to resolve US Treasuries transactions as soon as possible.”
As of Thursday afternoon, ICBC was starting to restore services as it recovered from the attack. However, the incident caused uncertainty in the Treasury market this week.
The Treasury market is one of the largest and most important financial markets globally. Disruptions to major market participants like ICBC can have ripple effects.
The U.S. Treasury Department is aware of a cybersecurity issue
The U.S. Treasury Department is aware of a cybersecurity issue at the Industrial and Commercial Bank of China that has affected the Treasury market, and is in regular contact with key financial sector participants and regulators, a spokesperson said on Thursday.
“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation.”
The Treasury issued the statement following a Financial Times report that a ransomware attack at ICBC had "disrupted" the US Treasury market by preventing the bank from settling Treasury trades on behalf of other market participants.
This attack highlights the cyber risks facing major financial institutions.
ICBC Financial Service confirmed the Ransomware attack
A notice on ICBC FS’s website on Thursday evening confirmed that it had “experienced a ransomware attack that resulted in disruption to certain [financial services] systems”, starting on Wednesday.
Message Reads-
On November 8, 2023, U.S. Eastern Time (November 9, 2023, Beijing Time), ICBC Financial Services (FS) experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident. ICBC FS has been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts. ICBC FS has also reported this incident to law enforcement. We successfully cleared US Treasury trades executed Wednesday (11/08) and Repo financing trades done on Thursday (11/09).
ICBC FS's business and email systems operate independently of the Industrial and Commercial Bank of China Group. The systems of the ICBC Head Office and other domestic and overseas affiliated institutions were not affected by this incident, nor was the ICBC New York Branch.
Security expert Kevin Beaumont said an ICBC Citrix server last seen online on Monday and unpatched against an actively exploited NetScaler security bug tracked as 'Citrix Bleed' is now offline.
 |
| image: @GossiTheDog |
Ransomware has become a lucrative business for cybercriminals. Banks and other companies are increasingly targets.
It remains to be seen whether this attack leads to more Treasury market volatility. But it's a reminder that cyber threats pose real risks to the financial system. ICBC is working to fully restore systems. But the ransomware attack has already impacted Treasury market activity this week.
- Update With ICBC acknowledge message.