ICBC’s U.S. Unit Hit by Major Ransomware Attack



Key Takeaways

  • ICBC’s U.S. arm suffers a ransomware attack, impacting U.S. Treasury trades.
  • The bank actively manages the situation, clearing trades amid market normalcy.

Disruption in U.S. Treasury Trades

On November 10, the U.S. arm of the Industrial and Commercial Bank of China (ICBC), a major global bank, was hit by a ransomware attack. This cyber assault led to considerable disruptions in the U.S. Treasury market. ICBC Financial Services is currently investigating the incident and is making headway in restoring its systems, as confirmed by the Chinese foreign ministry.


China’s foreign ministry, through spokesperson Wang Wenbin, assured that ICBC is actively working to minimize risks and losses from the attack. Wang also emphasized that ICBC’s head office and its global branches continue to operate normally, suggesting the attack’s impact was confined to its U.S. operations.

Lockbit Suspected in the Attack

The ransomware attack, where hackers lock systems and demand ransom for release, is believed to be the work of Lockbit, an aggressive cybercrime gang. However, as of Thursday evening, Lockbit had not listed ICBC as a victim on its dark website. Cybersecurity experts speculate that the gang may be negotiating with ICBC, hence the absence of public naming.


Allan Liska, a ransomware expert at Recorded Future, pointed out the unusual nature of such a large bank being targeted by ransomware. He highlighted that this attack is part of a growing trend where cyber criminals are becoming increasingly audacious, targeting high-profile institutions without fear of repercussions.

U.S. Efforts Against Cybercrime

The United States has been actively working to combat the surge in cybercrime, particularly ransomware attacks. Recent efforts include improving international cooperation and information sharing to cut off funding routes for ransomware gangs. However, the ICBC incident underscores the ongoing challenges in curbing such crimes.


While the attack on ICBC caused some disruptions, the bank reported that it had successfully cleared Treasury and repo trades. Market sources indicated a limited impact, but some participants experienced settlement issues, potentially affecting market liquidity. This incident will likely prompt further scrutiny of cybersecurity measures within the financial sector.