Cybersecurity

Ransomware hits world’s largest bank, raising concerns about security of financial sector

A suspected LockBit attack on a subsidiary of the world’s largest bank could be a wake-up call for security in fintech.
article cover

Hannah Minn

3 min read

A ransomware attack on the world’s largest bank, the Industrial and Commercial Bank of China (ICBC), on Nov. 8 sent Wall Street reeling and has undermined confidence in the security of the worldwide financial system.

Reuters reported the infiltration of digital systems at ICBC’s US broker-dealer, ICBC Financial Services (ICBC FS), was sweeping enough that it knocked corporate email offline and required ICBC to inject the subsidiary with cash to pay off a temporary debt of $9 billion to BNY Mellon for unsettled trades. ICBC was forced to settle “swathes of US Treasury trades” by USB sticks after other financial institutions disconnected from ICBC systems, the Sydney Morning Herald reported.

Reuters noted that while ICBC is massive, the US unit in question is relatively modest “by Wall Street standards” at $480.7 million in net capital.

In a notice on ICBC FS’s website, the brokerage acknowledged a Nov. 8 “ransomware attack that resulted in disruption to certain FS systems,” adding that it immediately “disconnected and isolated impacted systems to contain the incident.” ICBC FS said it is conducting a “thorough investigation,” working with information security experts and police, and had “successfully cleared” Treasury trades on the date of the incident and Repo financing trades the next day.

“The systems of the ICBC Head Office and other domestic and overseas affiliated institutions were not affected by this incident, nor was the ICBC New York Branch,” the statement continued.

Reuters separately reported that LockBit, the ransomware gang that has taken responsibility for the attack, said via a representative that ICBC had “paid a ransom, deal closed.” LockBit is considered one of the world’s most prolific ransomware groups and recently threatened aerospace, defense, and telecommunications giant Boeing that it had stolen a “tremendous amount” of sensitive company data.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

The South China Morning Post wrote that while ransomware attacks have rarely interrupted a major financial market to this degree, its sources characterized disruption in the $25 trillion US Treasury market as limited. Bloomberg reported top ICBC executives quickly flew stateside to do damage control and spoke to the Securities Industry and Financial Markets Association, although one attendee told the news agency some left without a clear understanding of the bank’s plan.

The Financial Times argued the attack was “alarming” and a “wake-up call for financial corporations and regulators,” noting that LockBit has also recently attempted to attack suppliers of trading software in the UK. The board argued the biggest risk of such attacks could be cascading effects like “directly [sparking] liquidity strains, bank runs, and capital flight,” as the world financial markets are so interconnected disruption at one institution could destabilize others or trigger a broader panic.

A May 2022 KPMG poll of 100 executives from the US’s largest banks found 81% expect cybersecurity threats to increase, while 43% worried banks are “ill-equipped” to protect customer data and assets in the event of an incident. The International Monetary Fund warned in March 2023 it had found 56% of “central banks or supervisory authorities do not have a national cyber strategy for the financial sector,” while 68% lack a “specialized risk unit as part of their supervision department.”

ICBC did not immediately respond to IT Brew’s request for comment on this story.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.