Unlock the Editor’s Digest for free
Roula Khalaf, Editor of the FT, selects her favourite stories in this weekly newsletter.
A ransomware attack on China’s largest bank has disrupted the US Treasury market by forcing clients of the Industrial and Commercial Bank of China to reroute trades, market participants said on Thursday.
The Securities Industry and Financial Markets Association told members on Thursday that ICBC had been hit by ransomware software, which paralyses computer systems unless a payment is made, according to several people familiar with the discussions.
The attack prevented ICBC from settling Treasury trades on behalf of other market participants, according to traders and banks. Market participants, including hedge funds, were rerouting trades because of the disruption but said the attacks’ effect on Treasury market functioning appeared to be limited.
ICBC was starting to restore services as of Thursday afternoon, according to some of the people briefed on the incident.
A source familiar with the situation said, “The firm has told people that they’re working to resolve US Treasuries transactions as soon as possible.”
A Treasury department spokesperson said: “We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation.”
“This is a large party on [the Fixed Income Clearing Corporation], so [it is] certainly of major concern, and potentially impacting liquidity of US Treasuries,” said an executive at a large bank that clears US Treasuries.
ICBC did not immediately respond to a request for comment.
Ransomware attacks have proliferated since the pandemic, in part as remote working has left businesses more vulnerable and as cyber criminal groups have become more organised.
It was, however, “extremely unusual for a bank of their size to be impacted like this”, said Allan Liska, threat intelligence analyst at Recorded Future, noting that the financial sector invests more in cybersecurity than any other industry.
Earlier on Thursday, “magic circle” law firm Allen & Overy was hit by a ransomware attack on its servers, and said it was investigating the impact and informing impacted clients.
This is a developing story