On Monday, several media outlets reported that the hacking group LockBit has claimed that The Industrial and Commercial Bank of China (ICBC) paid it a ransom, after suffering a cyberattack last week which targeted some of its US-based systems.
China’s largest global lender by total assets disclosed the hack on November 9th. The breach had caused the disruption of some US Treasury market deals, forcing brokers and traders to reroute the deals, in some cases using couriers carrying thumb drives, to close the transactions.
Reuters reported that on Monday, a representative of LockBit said that there was a ransom payment made, however they did not offer any additional details.
Using the online messaging app Tox to communicate with Reuters, the representative said, “They paid a ransom, deal closed.”
The outlet reported that the extent of the hack of the ICBC was so great that it even precluded the use of the corporate email systems, forcing employees to utilize Google’s Gmail.
Zhiwei Ren, a portfolio manager at Penn Mutual Asset Management said, “The market is mostly back to normal now.”
The ransomware attack utilized on the ICBC most often occurs after an employee opens an email attachment sent by what appears to be a legitimate user. However the attachment, when opened, will activate a program to take control of the user’s computer or computer network, encrypting everything. This forces the victim to pay a ransom, most often in cryptocurrency, to the hackers to get the key to unlock their own computer systems. In recent years such attacks have surged in popularity with hackers, who have targeted a range of public and private organizations.
The financial industry cybersecurity group the Financial Services Information Sharing and Analysis Center, has urged companies to “stay current on all protective measures and patch critical vulnerabilities immediately,” adding, “Ransomware remains one of the top threat vectors facing the financial sector.”
LockBit has been increasingly active in the ransomware field in recent months, targeting some of the largest organizations in the world, particularly within the US. In cases where victims refused to pay, the group has stolen information and leaked sensitive records.
According to Reuters, in the US, LockBit has launched cyberattacks against over 1,700 organizations throughout numerous sectors, such as financial services, food, schools, transportation and government departments.
