ICBC's US operations hit by ransomware attack


Hackers claim bank paid ransom to unlock systems.


Representatives from the Industrial and Commercial Bank of China (ICBC) arrived in the United States for an urgent visit to assess the situation after the bank's US operations were hit with a ransomware attack last week.

They aim to address concerns, stabilise markets through ongoing discussions and calls, and provide updates on when the systems will be back up and running. 

The attack hit the US financial services division of ICBC, which resulted in disruptions across the US Treasury market, including failure to clear transactions and efforts to reroute trades.

In a statement issued on Friday, China's Ministry of Foreign Affairs spokesperson, Wang Wenbin, said ICBC "is actively working to minimise the impact and losses following the attack".

Reports indicate that the attack was carried out with LockBit 3.0 software, developed by LockBit, a criminal gang with ties to Russia.

According to Reuters, on Monday a LockBit gang member said that the bank had paid ransom to get its systems unlocked. The agency, however, added that it could not independently verify this statement. 

The attack disrupted the bank's ability to process a significant portion of US Treasury trades, leading many to redirect their orders. As of now, the institution has not yet fully restored normal operations.

Media reports say that immediately after the attack, ICBC was unable to access its systems, leaving it temporarily owing BNY, the settlement agent for Treasuries, US$9 billion (S$12.25 billion) for unsettled trades.

The bank's head office in China injected capital into the US unit, allowing it to settle the trades and pay back BNY Mellon, sources said.

LockBit is the same group that is suspected of hacking Boeing Co, the UK’s Royal Mail, and ION Trading UK last year.

Immediately after the attack, the bank started working to reassure market participants that it was in control.

The bank said it isolated impacted systems to contain the incident.

"ICBC FS has been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts. ICBC FS has also reported this incident to law enforcement," it added.

US-based IT security company LogRhythm’s vice president, Joanne Wong, told iTnews Asia that for financial institutions, defending against ransomware attacks requires a multifaceted strategy that combines advanced technology, strong cybersecurity protocols, and comprehensive training on cybersecurity best practices.

Industry resources such as the MITRE ATT&CK matrix are some of the tools that enable security teams to keep up with the evolving threat landscape, Wong said.

Technology aside, a comprehensive backup and recovery strategy, to ensure that critical data can be restored in the event of an attack, can help reduce the impact of ransomware, she added.

The US Treasury Department has acknowledged the cyberattack, saying: "We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation."

ICBC said the email and business systems of the US financial services arm operate independently from its China operations, ensuring no impact on the broader organisation's functions.

© iTnews Asia