In a major cybersecurity incident, Industrial and Commercial Bank of China (ICBC), the world’s largest bank by assets, was hit by a ransomware attack in early November 2023. The attack reportedly affected ICBC’s U.S. operations and disrupted trading in the U.S. Treasury market.
ICBC confirmed the attack in a statement, saying that it had “isolated impacted systems to contain the incident” and was “investigating the source of the attack and working to restore normal operations as quickly as possible.” The bank did not disclose the amount of ransom demanded or whether it paid a ransom.
Security experts have identified the ransomware used in the attack as LockBit 3.0, a type of malware that is known for its ability to encrypt critical data and demand large ransom payments. LockBit has been responsible for a number of high-profile ransomware attacks in recent years, including attacks on the Colonial Pipeline and JBS Foods.
The attack on ICBC is a significant development in the growing threat of ransomware attacks to financial institutions. In recent years, financial institutions have been increasingly targeted by ransomware attackers, who see them as lucrative targets due to the large amounts of money they hold.
The ICBC attack highlights the importance of having strong cybersecurity measures in place to protect against ransomware attacks. Financial institutions should take steps to protect themselves by implementing the following measures:
- Implementing strong access controls to prevent unauthorized access to systems and data.
- Encrypting sensitive data to protect it from being encrypted by ransomware.
- Creating regular backups of data to allow for quick recovery in the event of a ransomware attack.
- Educating employees about the risks of ransomware and how to identify and avoid phishing attacks.
Ransomware attacks can have a devastating impact on businesses, causing downtime, reputational damage, and financial losses. By taking steps to protect themselves, financial institutions can help to mitigate the risk of ransomware attacks and protect their customers’ data.