The Industrial and Commercial Bank of China (ICBC), the world’s largest bank by assets, was hit by a cyberattack on Thursday, November 9, 2023. The attack disrupted trading of US Treasury’s, but ICBC said it was able to clear all trades that were executed on Wednesday and repo financing trades done on Thursday.
The attack used ransomware, a type of malware that encrypts files and demands a ransom payment to decrypt them. ICBC did not disclose who was behind the attack, but said it is working with law enforcement to investigate.
The attack caused disruption to US Treasury trading because ICBC is a major player in that market. However, the US Treasury Division said it is working with other market participants to minimize the impact of the disruption.
Cyberattacks on financial institutions on the rise
This is the latest in a series of cyberattacks on major financial institutions. In recent months, several other large banks have been hit by ransomware attacks, including JPMorgan Chase, Goldman Sachs and Citigroup.
The increasing frequency and sophistication of cyberattacks on financial institutions is a major concern for regulators and industry officials. They are working to develop new ways to protect financial institutions from these attacks.
How ransomware attacks work
Ransomware attacks typically start with a phishing email that contains a malicious link. When the user clicks on the link, the ransomware is downloaded onto their computer. The ransomware then encrypts all of the files on the computer, making them inaccessible to the user.
The attacker then displays a ransom note on the user’s screen, demanding a payment in exchange for the decryption key. If the user does not pay the ransom, they will lose access to their files permanently.
What financial institutions can do to protect themselves from ransomware attacks
Financial institutions can take a number of steps to protect themselves from ransomware attacks, including:
- Educating employees about phishing emails and other social engineering attacks
- Implementing strong security measures, such as multi-factor authentication and firewalls
- Backing up data regularly and storing it in a secure location
- Having a plan in place for responding to ransomware attacks
Impact of the ICBC cyberattack
The impact of the ICBC cyberattack is still being assessed. However, it is clear that the attack has disrupted trading of US Treasurys and raised concerns about the security of financial institutions.
The ICBC cyberattack is a reminder of the growing threat of cyberattacks on financial institutions. Financial institutions need to take steps to protect themselves from these attacks and be prepared to respond if they are attacked.
- ICBC said that its email and business systems are operating normally and that its customers’ data is safe.
- The US Treasury Division said that it is working with other market participants to minimize the impact of the disruption to Treasury trading.
- Experts say that the ransomware used in the attack is called LockBit 3.0. This ransomware is known for being very difficult to decrypt.
- It is not yet clear who is behind the attack. However, experts say that it is likely that the attackers were motivated by financial gain.
Recommendations for financial institutions
Financial institutions should take the following steps to protect themselves from ransomware attacks:
- Educate employees about phishing emails and other social engineering attacks.
- Implement strong security measures, such as multi-factor authentication and firewalls.
- Back up data regularly and store it in a secure location.
- Have a plan in place for responding to ransomware attacks.
- Work with other financial institutions and regulators to share information about cyber threats and best practices for cybersecurity.