Russia-linked crypto ransomware hits U.S. arm of Chinese lender

A Russian-speaking crypto ransomware gang LockBit has attacked ICBCFS arm in the U.S.

Cryptocurrency ransomware gang LockBit has attacked the U.S. arm of the Industrial and Commercial Bank of China Financial Services (ICBCFS). Currently, it prevents the bank from settling Treasury trades, the Financial Times (FT) reports, citing market participants.

Although details of the attack are yet to be disclosed, bankers and traders interviewed by FT say some equity trades were affected, disrupting trades in the U.S. Treasury market. According to Reuters, ICBCFS has confirmed the attack, saying it is investigating and is working on recovering from it. It is not clear if the bank paid the ransom.

Chinese Foreign Ministry spokesperson Wang Wenbin said the bank “has been closely monitoring the matter and has done its best in emergency response and supervisory communication.”

According to FT sources, the Securities Industry and Financial Markets Association notified its members, saying that ICBCFS had been hit by “ransomware software, which paralyses computer systems unless a payment is made.”

“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation.”

U.S. Treasury department spokesperson

People familiar with the matter told the Financial Times that the attack was carried out with the help of LockBit 3.0, a ransomware software developed by Russia-linked cyber gang LockBit.

According to the U.S. Department of Justice, the LockBit ransomware variant first appeared around January 2020. The bad actors have executed over 1,400 attacks against victims in the U.S. and around the world, issuing over $100 million in ransom demands and receiving over $75 million in ransom payments in the form of a cryptocurrency.