The US arm of the Chinese state-owned commercial bank, Industrial and Commercial Bank of China (ICBC), which was hit by a ransomware attack on November 9 that disrupted trade in the US treasury market, has reportedly paid the amount to the hackers.
However, no official statement has come out from either the bank or the US treasury secretary.
Ransomware is malicious software that hacks information by blocking or threatening to display sensitive data in the public domain in return for a ransom. On November 9, the US branch of the bank was hit by ransomware called Lockbit 3.0.
On Monday, November 13, a representative of Lockbit told Reuters that the “ransom was paid and deal has been closed.”
Earlier, US treasury secretary Janet Yellen dismissed the cyber attack as a ‘minimum disruptive’. “We’ve not seen an impact on the treasury market,” Yellen had told reporters.
ICBC, according to Forbes magazine, is also the 3rd largest and most profitable bank in the world, after JP Morgan Chase and Bank of America.
Speaking to Reuters, ransomware expert Allan Liska said that banks as large as ICBC do not normally get hit by disruptive ransomware. “Successful cyberattacks on banks are rare since the financial industry is extremely well protected, with serious investment in cybersecurity and segmented operations to discourage theft. Thus, this particular attack is somewhat unprecedented,” Liska said.
The latest attack shows just how vulnerable systems are, and is likely to question cyber security protocols.
