China’s Largest Bank’s US Branch Suffers Ransomware LockBit Attack

Last Updated:
Dwpbank's wpNex Brings BTC Trading To 1200 German Affiliate Banks
  • China’s largest bank’s U.S. branch suffered a ransomware attack that disrupted the U.S. Treasury’s market activities. 
  • Market participants were forced to reroute their trades and seek alternatives in Thursday’s trading session. 
  • The ransomware, LockBit, locks users out of their accounts and demands payment in crypto, such as Bitcoin, Zcash, and Monero.

The U.S. subsidiary of China’s largest bank, Industrial and Commercial Bank of China Financial Services (ICBCFS), fell victim to a ransomware called LockBit, disrupting activities and causing chaos in the U.S. Treasury Market, the Financial Times reported. LockBit often locks users out of their computers and demands payment in cryptocurrencies, such as Bitcoin, Monero, and Zcash, for users to gain access. 

According to traders and banks, the hack restricted ICBCFS from completing Treasury contracts on behalf of other market participants. Furthermore, certain equities were also disrupted, forcing clients of the bank to reroute their trades and seek other alternatives on Thursday. 

The hack first came to light on Wednesday when the Securities Industry and Financial Markets Association notified members of the ransomware attack. The report noted that the attack on the bank was unexpected, given ICBCFS’s size and how much banks often invest in cybersecurity. 

While market participants like hedge funds and asset managers were forced to reroute trades because of the hack, the report stated that the effect on the overall market has been minimal. However, certain market participants still expressed concerns about the attack’s impact on the Treasury market. 

The report noted that LockBit 3.0 software was used to carry out the attack, citing two sources. The application was created by LockBit, a prominent cybercrime organization that has attacked major targets, including the Royal Mail, the City of London, and ION, with crippling effects. 

Along with renting out its malware to affiliates, the group—which is thought to be based in Russia and Eastern Europe—uses a business model called ransomware as a service, or RaaS. According to the report, it was unclear if one of the group’s clients or the criminal organization was behind Thursday’s breach.  

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.