Ransomware attack on China’s ICBC disrupts US Treasury market

So much for decoupling. Hackers managed to disrupt the U.S. Treasury market not by targeting a U.S. financial institution, but rather a Chinese mega-bank.

The financial services arm of the Industrial and Commercial Bank of China announced Thursday that a ransomware attack disrupted its systems and that it prevented it from settling Treasury trades on behalf of other market participants. Transactions reportedly failed to clear and traders had to reroute their deals to other financial institutions. The bank was even forced to get settlement data from affected parties using a messenger and a portable USB drive, reports Bloomberg.

The bank said it was conducting a “thorough investigation” and is “progressing its recovery efforts,” according to a notice posted to ICBC Financial Service’s website on Thursday. The notice said the bank successfully cleared U.S. Treasury trades executed on Wednesday, and repo financing trades on Thursday. The bank also said systems at the head office, along with other overseas and domestic branches, were not affected.

ICBC is the highest-ranked bank on the Fortune Global 500, which ranks global companies by revenue, sitting in 28th place. It’s both China, and the world’s, largest bank by assets, according to S&P Global Intelligence. ICBC is a state-owned bank and provides a range of services from personal and commercial banking to wealth management and treasury management services.

Fortunately, disruption from the ICBC attack may have been limited, as Treasury market experts note that traders often have relationships with several banks. Yet the ICBC attack highlights the challenge of keeping banking and financial institutions safe as more transactions move online.

What is ransomware?

Ransomware is a type of malware that locks a victim’s device, data or systems until a payment is made.

In recent months, hackers have attacked two casino companies—MGM and Caesars—and Boeing with ransomware attacks. In MGM’s case, the ransomware attack disrupted websites, reservation systems, and even slot machines at its resorts.

Repercussions from a ransomware attack can be serious. An attack on Colonial Pipeline in May 2021 threatened gas supplies for millions of Americans on the U.S. East Coast, and was only resolved after the company paid almost $5 million in ransom to the hackers.

Lockbit, a criminal gang with ties to Russia, is suspected of carrying out the attack on ICBC, reports Bloomberg. The group attacked ION Trading UK and the UK’s Royal Mail earlier this year.

But it’s highly unusual for a bank as big as ICBC to be hit “with this disruptive of a ransomware attack” Allan Liska, an expert at the cybersecurity firm Recorded Future, told Reuters. The attack continues a “trend of increasing brazenness by ransomware groups,” he continued.

Subscribe to the CFO Daily newsletter to keep up with the trends, issues, and executives shaping corporate finance. Sign up for free.