Cooperation

ICBC flies top executives to US in race to contain fallout of hack by ransomware gang LockBit

[ad_1]

Within days of a cyberattack at its US unit, members of Industrial and Commercial Bank of China’s (ICBC) management were on a plane.

Officials from the world’s largest lender arrived in the US over the weekend in a hastily arranged trip to limit fallout from the incident last week, people with knowledge of the situation said. As they sought to calm markets through a steady stream of discussions and calls, one question remained unanswered: when will the stricken systems start functioning again?

The bank is racing to reassure market participants it has a handle on the situation following the attack by prolific ransomware gang LockBit, which rendered it unable to clear swathes of US Treasury trades and forced many to reroute their orders. The firm has yet to restore normal operations.

On Friday, senior ICBC executives spoke with hundreds of member firms of the Securities Industry and Financial Markets Association (Sifma) in a bid to allay concerns, according to people familiar with the matter who asked not to be identified discussing private information. Some participants left without a clear outline of ICBC’s response, one of the people said.

Ransomware gang LockBit uses malicious software known to encrypt files on its victims’ computers. Photo: Shutterstock

And while the bank has been working to restore access to its systems, a subsequent investigation and ongoing discussions with regulators have made any resumption of normal service hard to predict, one of the people said.

The incident also prompted China’s National Administration of Financial Regulation (NAFR) to issue guidance last week pressing large banks with offshore units to bolster their defences against potential cyberattacks, another person familiar with the matter said.

Representatives for ICBC did not immediately respond to requests for comment. A representative for Sifma declined to comment. The NAFR did not immediately respond to a request for comment.

ICBC confirmed in a statement on Thursday that a ransomware attack at its ICBC Financial Services unit had disrupted some of its systems and that it was conducting a thorough investigation.

Its head office and other domestic and overseas units were not affected, it said. On Monday, LockBit said that it had received a ransom payment from ICBC, without giving further details.

Ransomware attack on ICBC unit disrupts US Treasury market trades

The extent of the disruption caused by the attack was not immediately clear, though participants in the US$26 trillion Treasury market reported liquidity was being affected. Traders were still finding it hard to settle transactions more than a day after the attack.

ICBC is working with its US banking partners to help clear transactions as it seeks to resolve the cyber issues, one of the people said. Still, some participants were concerned about connecting with the bank digitally until they had resolved the security issues, said the person.

In the immediate aftermath, ICBC held discussions about hiring Google-owned cybersecurity firm Mandiant for incident response, though no agreement to work together was reached.

If recent ransomware attacks are any indication, it could take weeks for ICBC to restore its operations to normal.

LockBit, a criminal gang with ties to Russia, specialises in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files. Earlier this year, it took credit for an attack against ION Trading UK that paralysed derivatives trading across markets for everything from commodities to bonds and forced several banks and brokers to process trades manually.

[ad_2]

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button