Advertisement

ICBC flies top executives to US in race to contain fallout of hack by ransomware gang LockBit

  • ICBC is racing to reassure market participants it has a handle on the situation following the attack by prolific ransomware gang LockBit
  • LockBit said that it had received a ransom payment from ICBC on Monday, but did not provide details

Reading Time:2 minutes
Why you can trust SCMP
ICBC confirmed that a ransomware attack at its ICBC Financial Services unit had disrupted some of its systems last week. Photo: Reuters

Within days of a cyberattack at its US unit, members of Industrial and Commercial Bank of China’s (ICBC) management were on a plane.

Advertisement

Officials from the world’s largest lender arrived in the US over the weekend in a hastily arranged trip to limit fallout from the incident last week, people with knowledge of the situation said. As they sought to calm markets through a steady stream of discussions and calls, one question remained unanswered: when will the stricken systems start functioning again?

The bank is racing to reassure market participants it has a handle on the situation following the attack by prolific ransomware gang LockBit, which rendered it unable to clear swathes of US Treasury trades and forced many to reroute their orders. The firm has yet to restore normal operations.

On Friday, senior ICBC executives spoke with hundreds of member firms of the Securities Industry and Financial Markets Association (Sifma) in a bid to allay concerns, according to people familiar with the matter who asked not to be identified discussing private information. Some participants left without a clear outline of ICBC’s response, one of the people said.

Ransomware gang LockBit uses malicious software known to encrypt files on its victims’ computers. Photo: Shutterstock
Ransomware gang LockBit uses malicious software known to encrypt files on its victims’ computers. Photo: Shutterstock

And while the bank has been working to restore access to its systems, a subsequent investigation and ongoing discussions with regulators have made any resumption of normal service hard to predict, one of the people said.

Advertisement

The incident also prompted China’s National Administration of Financial Regulation (NAFR) to issue guidance last week pressing large banks with offshore units to bolster their defences against potential cyberattacks, another person familiar with the matter said.

Advertisement