China’s Largest Bank Suffers Ransomware LockBit Attack

  • China’s largest bank’s U.S. branch suffered a ransomware attack that disrupted the U.S. Treasury’s market activities. 
  • Market participants were forced to reroute their trades and seek alternatives in Thursday’s trading session. 
  • The ransomware, LockBit, locks users out of their accounts and demands payment in crypto, such as Bitcoin, Zcash, and Monero.

According to the Financial Times, the U.S. affiliate of China’s largest bank, Industrial and Commercial Bank of China Financial Services (ICBCFS), was victimized by a ransomware named LockBit, disrupting activities and generating confusion in the US Treasury Market. LockBit frequently locks customers out of their computers and demands payment in cryptocurrencies such as Bitcoin, Monero, and Zcash. 

The intrusion, according to dealers and banks, prevented ICBCFS from fulfilling Treasury contracts on behalf of other market players. Furthermore, certain equities were affected, causing the bank’s clients to reroute their trades and seek alternate options on Thursday. 

The ransomware attack was revealed to members of the Securities Industry and Financial Markets Association on Wednesday. According to the research, the attack on the bank was surprising, given the size of ICBCFS and how much banks typically invest in cybersecurity. 

Read Also: Crypto Exchange CoinSpot Reportedly Suffers $2m Hot Wallet Hack

While market participants such as hedge funds and asset managers were obliged to reroute trades as a result of the intrusion, the research stated that the overall market impact was minor. Nonetheless, several market participants expressed concern about the impact of the strike on the Treasury market. 

The attack was carried out using LockBit 3.0 software, according to the article, which cited two sources. The application was developed by LockBit, a well-known cybercrime group that has crippled significant targets such as the Royal Mail, the City of London, and ION. 

The gang, which is assumed to be based in Russia and Eastern Europe, uses a business model known as ransomware as a service, or RaaS, in addition to renting out its software to affiliates. According to the article, it was unclear whether the breach was carried out by one of the group’s clients or by a criminal organization.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *