The ransomware attack that hit the Industrial and Commercial Bank of China (ICBC)—which is not just China’s largest bank but the world’s largest bank—may have repercussions that last for some time. The attack prevented ICBC from settling some trades in U.S. Treasuries, setting off a spike in yields just as the Treasury Department was auctioning $24 billion of 30-year bonds. It also left ICBC’s U.S. broker-dealer temporarily owing BNY Mellon $9 billion.
The shockwaves in the Treasury market are not the largest concern, however. ICBC has now established a precedent whereby even the largest financial institutions may feel it is more reasonable to pay off an attack rather than fight it. LockBit, the hacker group behind the ICBC attack, has now claimed responsibility for a hack on the Chicago Trading Company, a proprietary trading firm. According to Bloomberg, LockBit gave the company a deadline to pay an unspecified ransom and will release stolen data if its demands are not met. But a CTC spokesman said: “There was never any ransomware, nor an impact to business operations. We have been and continue trading normally on all markets since the event without incident.”
How the Hackers Operate
This response follows on the heels of ICBC paying ransom to LockBit following the recent hack. The amount of that ransom has yet to be disclosed. “They paid a ransom, deal closed,” the LockBit representative said via the online messaging app Tox.
LockBit has made more than 1,400 attacks against U.S. victims, according to the Department of Justice. LockBit is believed to have gained access to ICBC’s tech stack through vulnerabilities in the Citrix NetScaler product family.
LockBit is reportedly run by a group of Russian-speaking hackers who carry out attacks using malicious software and infrastructure. The group has been known to steal internal data and then encrypt its victims’ computers, making them unusable. It then demands payment in exchange for unlocking the computers and not publishing the stolen data online. The fact that CTC did not buckle under to these demands is a good sign for fintech security around the globe, but it remains to be seen how many institutions choose to follow the ICBC path instead.