China’s biggest lender, ICBC, hit by ransomware attack
The U.S. unit of the Industrial and Commercial Bank of China (ICBC) on Thursday became the latest victim of a ransomware attack, one that halted transactions in the U.S. Treasury market. Ransomware attacks have claimed several victims this year.
ICBC Financial Services, the largest commercial lender in China in terms of assets, stated that it was looking into the assault that caused some system disruptions and was working to get back up and running.
On Friday, China’s foreign ministry stated that the lender is working to reduce losses and risk effects after the attack. At a routine press briefing, ministry spokeswoman Wang Wenbin said, “ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication.”
The ICBC headquarters, as well as its numerous offices and subsidiaries worldwide, are still operating normally, according to Wang.
In these kinds of attacks, hackers take control of the victim organization’s systems, demand a ransom to release them, and frequently steal confidential information for extortion.
Although the group’s dark website, where it usually displays the names of its victims, did not include ICBC as a victim as of Thursday evening, several ransomware specialists and analysts indicated that an aggressive cybercrime gang dubbed Lockbit was thought to be behind the breach. An email submitted to Lockbit’s contact address on the website asking for comments was unanswered.
Ransomware specialist Allan Liska of the cybersecurity company Recorded Future stated, “We don’t often see a bank this large get hit with this disruptive ransomware attack.” Ransomware gangs might not publicly identify and disgrace their victims during negotiations, according to Liska, who also thinks Lockbit was responsible for the breach.
“This attack continues a trend of increasing brazenness by ransomware groups,” according to him. “Without fear of repercussions, ransomware groups feel no target is off limits.” The surge of cybercrime, primarily ransomware assaults, that affect hundreds of businesses annually in almost every industry has proven difficult for American authorities to contain. Only last week, U.S. officials said they were attempting to improve information-sharing on ransomware groups across a 40-country coalition to reduce the financing sources for these criminals.
The ICBC remained silent when asked if Lockbit was responsible for the hack. Targets frequently refuse to make the identities of cybercrime groups publicly known. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reports that Lockbit has affected 1,700 U.S. enterprises since it was identified in 2020. It threatened Boeing with a disclosure of confidential information last month.
For information on the ICBC hack, a CISA representative directed inquiries to the U.S. Treasury Department.
Market insiders claimed the hack’s impact was small, but it did highlight how susceptible the systems of big businesses, like the bank’s, still are. The Thursday event will probably cause regulators to look closely at market players’ cybersecurity measures.
ICBC said that repurchase agreement (repo) financing contracts completed on Thursday and Treasury trades completed on Wednesday had been satisfactorily cleared. Scott Skrym, executive vice president for fixed income and repo at broker-dealer Curvature Securities, stated, “in general, the event had a limited impact on the market.”
Certain market players reported that the hack prevented deals executed via ICBC from being finalized, impacting market liquidity. It was unclear if this played a role in Thursday’s poor performance at a 30-year bond sale. According to Michael Gladchun, assistant portfolio manager, core plus fixed income, at Loomis Sayles, “there might have been some technical issues with some participants not being able to access the market fully on the day.”
The U.S. Securities Industry and Financial Markets Association (SIFMA) informed members that ICBC (601398.SS) had been infected with ransomware, which upset the U.S. Treasury market by stopping it from settling deals on behalf of other market participants, according to a story published in the Financial Times earlier on Thursday.
“We are in regular contact with important players in the financial sector and are cognizant of the cybersecurity issue, in addition to federal regulators.” A Treasury official responded to a query over the FT article, saying, “We continue to monitor the situation.” SIFMA did not want to comment. LSEG data indicates that the Treasury market seemed to be operating as usual on Thursday.