Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters

The logo of Industrial and Commercial Bank of China (ICBC) is pictured at the entrance to its branch in Beijing, China April 1, 2019. REUTERS/Florence Lo/File Photo Acquire Licensing Rights

LONDON, Nov 13 (Reuters) - China's biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a Lockbit ransomware gang representative said on Monday in a statement which Reuters was unable to independently verify.

ICBC, whose U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Nov. 9, did not immediately respond to a request for comment.

"They paid a ransom, deal closed," the Lockbit representative told Reuters via Tox, an online messaging app.

The blackout at ICBC's U.S. broker-dealer left it temporarily owing BNY Mellon BK.N $9 billion, an amount many times larger than its net capital.

The hack was so extensive that even corporate email at the firm ceased to function, forcing employees to switch to Google mail, Reuters reported.

"The market is mostly back to normal now," said Zhiwei Ren, a portfolio manager at Penn Mutual Asset Management.

The ransomware attack came at a time of heightened worries about the resiliency of the $26 trillion Treasury market, essential to the plumbing of global finance, and is likely to draw scrutiny from regulators.

A spokesperson for the U.S. Treasury Department did not immediately provide comment on Monday.

The Financial Services Information Sharing and Analysis Center, a financial industry cybersecurity group, said financial firms have well-established protocols for sharing information on such incidents.

"We are reminding members to stay current on all protective measures and patch critical vulnerabilities immediately," a spokesperson said in a statement, adding: "Ransomware remains one of the top threat vectors facing the financial sector."

Lockbit has hacked some of the world's largest organisations in recent months, stealing and leaking sensitive data in cases where victims refused to pay ransom.

In just three years, it has become the world's top ransomware threat, according to U.S. officials.

Nowhere has it been more disruptive than in the United States, hitting more than 1,700 American organisations in nearly every sector from financial services and food to schools, transportation and government departments.

Authorities have long advised against paying ransomware gangs in a bid to break the criminals' business model. Ransom is usually demanded in the form of cryptocurrency, which is harder to trace and gives the receiver anonymity.

Some companies have quietly paid up in a bid to get back online quickly and avoid the reputational damage of having their sensitive data publicly leaked. Victims who do not have digital backups that allow them to restore their systems without the need of a decryption key sometimes have no choice but to pay.

Last week, Lockbit hackers published internal data from aerospace giant Boeing BA.N and said on their website they had infected computer systems at law firm Allen & Overy.

Reporting by James Pearson in London; Additional reporting by Davide Barbuscia, Carolina Mandl and Tatiana Bautzer in New York, and Pete Schroeder in Washington DC; Editing by Michelle Price, David Goodman, Jonathan Oatis and Alexander Smith

Our Standards: The Thomson Reuters Trust Principles.

Thomson Reuters

Reports on hacks, leaks and digital espionage in Europe. Ten years at Reuters with previous postings in Hanoi as Bureau Chief and Seoul as Korea Correspondent. Author of 'North Korea Confidential', a book about daily life in North Korea. Contact: 447927347451

President Joe Biden's administration on Monday announced steps aimed at freeing up additional wireless spectrum for advanced technology needs and soaring U.S. wireless demand including by repurposing spectrum currently set aside for parts of the federal government.

Reuters, the news and media division of Thomson Reuters, is the worldâs largest multimedia news provider, reaching billions of people worldwide every day. Reuters provides business, financial, national and international news to professionals via desktop terminals, the world's media organizations, industry events and directly to consumers.

Build the strongest argument relying on authoritative content, attorney-editor expertise, and industry defining technology.

The most comprehensive solution to manage all your complex and ever-expanding tax and compliance needs.

The industry leader for online information for tax, accounting and finance professionals.

Access unmatched financial data, news and content in a highly-customised workflow experience on desktop, web and mobile.

Browse an unrivalled portfolio of real-time and historical market data and insights from worldwide sources and experts.

Screen for heightened risk individual and entities globally to help uncover hidden risks in business relationships and human networks.

All quotes delayed a minimum of 15 minutes. See here for a complete list of exchanges and delays.

© 2023 Reuters. All rights reserved