Ransomware attack on Industrial and Commercial Bank of China disrupts US Treasury market trades
A ransomware attack on Industrial and Commercial Bank of China (ICBC) disrupted some trades in the US Treasury market on Thursday, the Treasury Department said, although the impact on the market was unclear.
In ransomware attacks, hackers encrypt an organisation’s systems and demand ransom payments in exchange for unlocking them. It was not immediately clear who was behind the attack.
While ransomware attacks have been soaring across a range of sectors in recent years, they have rarely disrupted a major financial market. Thursday’s incident is likely to raise questions over market participants’ cybersecurity controls and potentially draw regulatory scrutiny.
The Financial Times reported earlier on Thursday that the US Securities Industry and Financial Markets Association (SIFMA) told members that ICBC had been hit by ransomware that disrupted the US Treasury market by preventing it from settling trades on behalf of other market players.
“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” a US Treasury spokesperson said in a response to a question about the FT report.
ICBC, China’s largest commercial lender by assets, was beginning to restore services as of Thursday afternoon, the newspaper said, citing people briefed on the ransomware attack, which paralyses computer systems unless a payment is made.
The US Treasury market appeared to be functioning normally on Thursday, according to LSEG data.
“In general, the event had a limited impact on the market,” said Scott Skrym, executive vice-president for fixed income and repo at broker-dealer Curvature Securities.
ICBC chosen as bookrunner for Saudi Arabia’s US$11 billion syndicated loan
ICBC chosen as bookrunner for Saudi Arabia’s US$11 billion syndicated loan
ICBC said on Thursday it experienced a ransomware attack that resulted in the disruption of certain financial services (FS) systems.
“Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident,” ICBC said in a statement.
SIFMA declined to comment.
According to the data platform Statista, globally organisations detected 493.33 million ransomware attack attempts last year.
Cyber criminal group LockBit was the most prolific ransomware operator throughout 2022, according to the Financial Services Information Sharing and Analysis Centre.
