The US trading arm of the Industrial and Commercial Bank of China (ICBC) was hit by a ransomware attack on November 8, 2023, which forced the bank to handle trades via messengers carrying USB thumb drives across Manhattan.
The ransomware attack disrupted ICBC’s financial services systems, rendering it unable to clear swathes of US Treasury trades after entities responsible for settling the transactions swiftly disconnected from the stricken systems. The bank had to send the required settlement details to those parties by a messenger carrying a thumb drive as the state-owned lender raced to limit the damage.
The attack is believed to have been carried out by the Russia-linked LockBit ransomware gang. The bank will engage in proper supervision and communication to minimize the risks, impact, and losses.
Table of Contents
Latest Updates on ICBC bank ransomware attack
As of November 11, 2023, ICBC’s US trading arm is still dealing with the aftermath of the ransomware attack that occurred on November 8, 2023. ICBC successfully cleared U.S. Treasury trades executed on Wednesday and repo financing trades done on Thursday. The bank is conducting a thorough investigation into the security incident and working on recovery. The impact of the attack on ICBC’s clients is unclear, but the bank is working to minimize the impact of risks and losses.
Background
- ICBC’s US trading arm was hit by a ransomware attack on November 8, 2023, disrupting trades in the US Treasury market.
- The attack, claimed by the Lockbit ransomware gang with ties to Russia, prevented ICBC’s US arm from settling Treasury trades on behalf of other market participants.
- ICBC Financial Services acknowledged the ransomware attack, stating it resulted in disruption to certain financial services systems. The bank immediately disconnected and isolated impacted systems to contain the incident.
- Traders and banks reported that the ransomware attack led to the inability of ICBC’s US arm to settle Treasury trades for other market participants.
- ICBC successfully cleared U.S. Treasury trades executed on Wednesday and repo financing trades done on Thursday, despite the disruption caused by the attack.
- In response to the attack, the bank had to reroute some trades and handle them manually via messengers carrying USB thumb drives across Manhattan.
- ICBC is actively investigating the attack and working on recovery measures while striving to minimize the impact of risks and losses.
How did icbc bank respond to the ransomware attack?
ICBC responded to the ransomware attack by immediately isolating the impacted systems to contain the incident. The bank also informed relevant authorities and is conducting a thorough investigation into the security incident. ICBC successfully cleared U.S. Treasury trades executed on Wednesday and repo financing trades done on Thursday. The bank also rerouted some trades handled by ICBC FS on Thursday, which were transported across Manhattan on a USB stick as messengers manually relayed required settlement details.
ICBC is trying to minimize the risk impact and losses after the attack. The bank is also engaging in proper supervision and communication to minimize the risks, impact, and losses.