The world’s largest bank forced to disconnect and isolate its IT systems. The protagonist is the American branch of the Industrial and Commercial Bank of China (ICBC), hit by a ransomware attack that interrupted transactions in the US Treasury market on Thursday. It is only the latest in a series of cases in which hackers aim to demand a ransom and which the bank is investigating.
The American division of the largest Chinese bank by assets was therefore hit by an attack that interrupted some of its systems. The company is currently making progress towards recovering the situation but, to try to contain the incident, it has decided to disconnect and isolate the affected systems, according to some also returning to the use of USB sticks to communicate details and transactions to customers . China’s Foreign Ministry said the bank was trying to minimize the impact of risks and losses. “ICBC has been closely monitoring the matter and has done its best in emergency response and communication with supervisory authorities,” spokesman Wang Wenbin said in a briefing. Wang also added that activities remained normal at the institute’s headquarters and other branches domestically and around the world.
How the hacker attack works
Hackers operate by locking the victim organization’s systems and demanding a ransom for unlocking, often also stealing sensitive data for ransom. According to some experts and analysts, a cybercriminal gang known as Lockbit who are believed to have connections to Russia may be behind the attack. Since it was discovered in 2020, the group has affected 1,700 American organizations, according to data from the US Cybersecurity and Infrastructure Security Agency (Cisa). ICBC said it successfully liquidated transactions in the U.S. Treasury market on Wednesday and repo financing transactions on Thursday.