LockBit Hackers Claim ICBC Paid Ransom to End Cyberattack

The United States financial services division of Chinese bank ICBC was hit by a cyberattack on Thursday, November 9, that reportedly affected U.S. Treasury trades. The firm was hit with ransomware from the LockBit cybercriminal group, which has plagued enterprises in recent years. According to the cybercriminal gang responsible for the attack, ICBC paid the ransom to end the attack against its operations.

“They paid a ransom, deal closed,” the LockBit representative told Reuters via Tox, an online messaging app.

The amount paid has not been revealed.

The Industrial and Commercial Bank of China (ICBC) is the world’s largest lender by assets.

Immediately after the attack was detected, ICBC stated in a public announcement that it began “isolating impacted systems to contain the incident.”

The cyberattack was so disruptive that it forced ICBC to continue its operations using USB thumb drives and Google email accounts, since its corporate email system was offline, according to Reuters.

The disruption led to ICBC temporarily owing BNY Mellon $9 billion for unsettled trades.

LockBit Ransomware Strikes Again

Within just three years, LockBit has become the most disruptive, powerful ransomware cybercriminal gang. It has attacked over 1,700 U.S. entities, ranging from city governments and hospitals to critical infrastructure.

LockBit's global victim list grows seemingly every day on the dark web, where exfiltrated data is sold.

Less sophisticated cybercriminal gangs can frequently leverage the LockBit ransomware tools as de facto “affiliates” of the primary group, earning commissions and payouts for successful cyberattacks.

Ransomware infects the victim’s network infrastructure and typically demands a cryptocurrency payment to gain access to a decryption tool or token, which can then restore IT infrastructure and operations.

While even the Federal Bureau of Investigation strictly recommends not paying ransoms, since there is no guarantee that paying will let you decrypt your data and restore operations, many enterprises are left with little choice, as downtime and completely rebuilding infected IT infrastructure are too costly and slow.

This creates a repeatable, scalable business model for cybercriminals, who know that targets will more than likely pay.
