Industrial & Commercial Bank of China Ltd (ICBC), the world’s largest lender by assets, is reportedly the latest target of the notorious Lockbit ransomware gang, believed to be responsible for recent attacks on Boeing Co, ION Trading UK, and the UK’s Royal Mail within the past year.
Sources familiar with the matter, who requested anonymity as the information is not yet public, indicate that Lockbit orchestrated a ransomware attack on ICBC’s US unit, causing disruptions across the US Treasury market. Some transactions have failed to clear, prompting traders to reroute their deals.
Lockbit, a criminal group with reported ties to Russia, specializes in deploying ransomware to encrypt files on victims’ computers, subsequently demanding payment for file decryption. Earlier this year, the group claimed responsibility for an attack on ION, paralyzing derivatives trading across various markets and forcing manual processing of trades by several banks and brokers.
ICBC confirmed the ransomware attack in a statement on its website, acknowledging disruptions at its ICBC Financial Services unit. The bank is conducting a comprehensive investigation and actively working on recovery efforts. Notably, ICBC emphasized that its head office and other domestic and overseas affiliates, including its New York branch, remained unaffected by the cyber assault.
A week prior to the ICBC incident, Boeing disclosed a cyberattack impacting the website responsible for selling spare aircraft parts, software, and services. Lockbit, in a bold move, threatened to release sensitive data belonging to Boeing if a ransom wasn’t paid by November 2. The hackers displayed the company’s name on their website, accompanied by a countdown. Strikingly, the name later vanished from the site.
Lockbit’s recent victims include Japan’s largest maritime port, the UK’s Royal Mail, California’s finance department, and a children’s hospital in Canada.
In response to the ICBC attack, the bank stated, “We are conducting a thorough investigation into the incident and progressing our recovery efforts to ensure the security and stability of our systems.” The incident adds ICBC to the growing list of major entities grappling with the increasingly sophisticated and impactful cyber threats orchestrated by ransomware groups.