Wall Street and Beijing fight fallout of ransomware attack on China’s biggest bank

News

Unlock the Editor’s Digest for free

The Industrial and Commercial Bank of China is trying to minimise losses after a ransomware attack on the country’s biggest bank disrupted the market for US Treasuries, the Chinese foreign ministry said.

At a briefing on Friday, the ministry said ICBC had done a good job in handling the attack on its financial services arm.

“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” said ministry spokesperson Wang Wenbin.

New York-based ICBC Financial Services has in recent years become a key player on Wall Street for Treasury clearance as Chinese lenders have expanded overseas.

It is the only Chinese broker with a securities clearing licence in the US, ICBC said in a post on an official social media account in China this year. It created the business after buying the prime dealer services unit of Fortis Securities in 2010.

A notice on ICBC FS’s website on Thursday evening confirmed a Financial Times story that it had “experienced a ransomware attack that resulted in disruption to certain [financial services] systems”. The attack had begun on Wednesday.

The bank was “conducting a thorough investigation and . . . progressing its recovery efforts” with the help of information security experts, it added, saying neither the head office nor the New York branch of ICBC itself was affected.

The attack prevented ICBC FS from settling Treasury trades on behalf of other market participants, according to traders and banks. Hedge funds and asset managers rerouted trades because of the disruption and the attack had some effect on Treasury market liquidity, according to trading sources.

The cyber attack is “limited in impact and almost resolved”, according to a Chinese regulatory source. The attack “won’t trigger further regulatory review at this point on the vulnerability of offshore systems of Chinese financial institutions in general”, this person said, adding that the case had been reported to China’s National Administration of Financial Regulation (NAFR), which supervises the country’s commercial banks.

After news of the ransomware attack emerged, employees at ICBC’s Beijing headquarters held urgent meetings with their US unit, according to a staff member who participated in these meetings.

NAFR, China’s central bank and ICBC did not immediately reply to emailed requests for comments. Shares in ICBC fell 0.5 per cent in Hong Kong on Friday, while Shanghai-listed shares traded flat in mainland markets.

Ransomware attacks have proliferated since the coronavirus pandemic, in part as remote working has left businesses more vulnerable and as cyber criminal groups have become more organised.

“The ICBC incident is a reminder of the high stakes involved and the essential role of placing people and measurable behaviour change central to safeguarding an organisation’s digital assets,” said Oz Alashe, founder of CybSafe, a British cyber security and data analytics firm.

“With the rising severity, sophistication and frequency of cyber attacks, often involving human error, companies urgently need to rethink their approach to ransomware defence,” he said.

ICBC FS had assets totalling $24.5bn at the end of June 2023, and booked a loss of $11.8mn during the first six months of 2023, according to the parent group’s half-year report. ICBC, meanwhile, had total assets of Rmb43.7tn ($5.9tn) at the end of June.