Industrial and Commercial Bank of China (ICBC) office building in Lujiazui downtown district. Shutterstock/ Andy Feng

The Industrial and Commercial Bank of China (ICBC), China’s largest bank, faced a significant cyberattack that disrupted the trading of US treasuries within its US financial services division.

The ICBC, a leading global lender by assets, confirmed on Thursday (9 Nov) that its financial services arm, ICBC Financial Services, fell victim to a ransomware attack, resulting in disruptions to certain systems. The state-owned bank responded swiftly by isolating affected systems to contain the incident.

Ransomware, a prevalent form of cyberattack, involves hackers taking control of systems or information and demanding a ransom for their release. While the ICBC did not disclose the perpetrator, security experts identified the hacking group LockBit as the likely source of the attack.

The ICBC assured that it initiated a thorough investigation and is actively working with law enforcement to address the situation. The bank, emphasising the independence of its US financial services arm, stated that the email and business systems were unaffected in its China operations and other affiliated institutions.

Despite ICBC’s claims of successfully clearing US treasury trades executed on Wednesday (8 Nov) and other trades on Thursday, various news outlets reported disruptions to US treasury trades.

The identity of the attacker remains unknown, as cybercriminals often employ techniques to conceal their locations and identities. However, cybersecurity experts identified the ransomware used as LockBit 3.0, a formidable challenge due to its unique password requirement for each instance.

LockBit, responsible for around 28% of known ransomware attacks from July 2022 to June 2023, operates using a “ransomware-as-a-service” model. The group’s leader, known as “LockBitSup,” sells the malicious software to other hackers, or affiliates, who carry out cyberattacks.

LockBit has previously claimed responsibility for ransomware attacks on Boeing and the UK’s Royal Mail. The group, not politically motivated according to its claims, is known for targeting small and medium-sized businesses.

While ICBC is actively managing the aftermath of the attack, the cybersecurity community faces the ongoing challenge of identifying and countering evolving cyber threats from groups like LockBit.

Go deeper with GlobalData

Premium Insights

The gold standard of business intelligence.

Find out more

Related Company Profiles

View all

Last month, the US has led 40 countries in an alliance against paying ransomware, following reports that it was pressuring the countries against paying ransom earlier this October

This alliance comes after the US has stated that the number of ransomware cyberattacks has increased worldwide, with the US facing around 46% of the attacks. 

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.