Ransomware attack on ICBC disrupts trades in US Treasury market

Unlock the Editor’s Digest for free

A ransomware attack on China’s largest bank has disrupted the US Treasury market by forcing clients of the Industrial and Commercial Bank of China to reroute trades, market participants said on Thursday.

The Securities Industry and Financial Markets Association told members on Thursday that ICBC had been hit by ransomware software, which paralyses computer systems unless a payment is made, according to several people familiar with the discussions.

The attack prevented ICBC from settling Treasury trades on behalf of other market participants, according to traders and banks. Market participants, including hedge funds, were rerouting trades because of the disruption but said the attacks’ effect on Treasury market functioning appeared to be limited.

ICBC was starting to restore services as of Thursday afternoon, according to some of the people briefed on the incident.

See also  Ian Blatchford of the Science Museum: "If the art world is not careful, its own piety will eat it alive"

A source familiar with the situation said, “The firm has told people that they’re working to resolve US Treasuries transactions as soon as possible.”

A Treasury department spokesperson said: “We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation.”

“This is a large party on [the Fixed Income Clearing Corporation], so [it is] certainly of major concern, and potentially impacting liquidity of US Treasuries,” said an executive at a large bank that clears US Treasuries.

ICBC did not immediately respond to a request for comment.

Ransomware attacks have proliferated since the pandemic, in part as remote working has left businesses more vulnerable and as cyber criminal groups have become more organised.

It was, however, “extremely unusual for a bank of their size to be impacted like this”, said Allan Liska, threat intelligence analyst at Recorded Future, noting that the financial sector invests more in cybersecurity than any other industry.

See also  Biden’s misguided pursuit of a Saudi-Israel deal

Earlier on Thursday, “magic circle” law firm Allen & Overy was hit by a ransomware attack on its servers, and said it was investigating the impact and informing impacted clients.

This is a developing story

Source: https://www.ft.com/content/8dd2446b-c8da-4854-9edc-bf841069ccb8