Information Security

ICBC Bank hit by cyber-attack

Report by Shuchi Giridhar

On 9th November 2023, the U.S. financial services division of China’s ICBC (Industrial and Commercial Bank of China) was hit by a cyber-attack that disrupted the trading of Treasuries. ICBC is the world’s largest bank and also the world’s largest lender by assets. Certain systems were affected by the attack, and these were immediately isolated (separated from the rest of the bank’s computers) to contain the situation and restrict it to the affected computers.

The hacker has claimed that the ransom was paid. ICBC has not made an official statement on this subject, but has indicated that it is in the process of recovering its systems and putting them back on track.

An attack on one financial services company has a ripple effect across the entire industry. For that reason, attacks on certain industries, such as those that deal in money, are particularly significant.

What is a ransomware attack?

A ransomware attack is a form of attack in which the hacker takes data from the victim’s computer or network, encrypts important files (converts the information or data into code), and demands a ransom to restore them. Ransomware is a type of malware, which is software specifically designed to disrupt, damage, or gain unauthorised access to a system.

What do we know about this attack?

Finding out who is behind the attack is difficult because of the various techniques hackers use to mask their location and identity. The founder of TrueSec Cybersecurity says that the software behind the ransomware attack is LockBit 3.0. This kind of ransomware can enter an organization in many ways, for example when someone clicks a malicious link.

What is LockBit?

LockBit is the group behind the software. The leader of the group goes by the name ‘LockBitSup’ on dark web hacking forums. The group operates on the business model known as ‘Ransomware as a Service’: LockBit sells its software to other hackers, known as affiliates, who then use it to attack victims. LockBit has been identified as Russian. Small and medium-sized businesses are the main target of the group’s malware. LockBit has also previously attacked Boeing and the UK’s Royal Mail.

It is estimated that LockBit has targeted about 1,700 American businesses.