Report Details Aftermath of ICBC LockBit Ransomware AttackNew Analysis Says Cyberattack Sent Failed Trading Rates Soaring to $60 Billion
New reports are beginning to reveal the extent of fallout from a ransomware attack that targeted the Industrial and Commercial Bank of China and ripple effects on U.S. trading markets.
In an investors service cyber report on Monday, Moody's Corp. suggested the attack created trade settlement issues that the Federal Reserve must now resolve, and it partially disrupted the market in U.S. Treasury investments.
The attack sent failed trading rates in the U.S. Treasury market soaring to $60 billion as of Nov. 9, the analysis suggested, nearing a record high for 2023. Those rates have since returned to normal levels, and Treasury Secretary Janet Yellen later said the hack did not have a material impact on the Treasury market.
ICBC's Financial Services Unit was unable to clear U.S. Treasury trades and subsequently isolated its affected systems after the attack shut down the bank's New York subsidiary. The unit was temporarily unable to access its corporate email accounts and was forced to send crucial settlement details for its trades to affected parties on a USB stick via a messenger in Manhattan.
LockBit - a prominent Russian-speaking hacking group that offers ransomware as a service to its affiliates - took responsibility for the attack and asserted the bank has since completed a ransomware payment to help restore its systems.
In a message sent to Reuters, a representative for the hacking group wrote: "They paid a ransom, deal closed."
Moody's, a global investment rating, credit risk and research company, indicated that the attack did not cause significant stress in the U.S. market and said that ICBC's losses "as a whole are manageable, though some reputational damage to ICBC FS is possible."
While the incident "did not morph into systemic risk in the financial sector," due to the nature of the attack and ICBC's overall financial strength, the report also said the damage "could have been more widespread and systemic" if the attack had involved wiper malware such as the NotPetya cyberattack in June 2017 that paralyzed many global financial institutions.
Fortune Magazine has described ICBC - which earned more than $53 billion in profits last year on a total revenue of $214 billion - as the largest commercial bank in the world. Had the attack occurred on a smaller financial institution, Moody's said, "The incident could have created knock-on effects to settlement and confidence with potentially broader market effects."