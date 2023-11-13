The logo of the Industrial and Commercial Bank of China (ICBC) is pictured at the entrance of its branch in Beijing, China, on April 1, 2019. Reuters/Florence Low/File Photo Get licensing rights

LONDON, Nov 13 (Reuters) – China’s biggest lender, the Industrial and Commercial Bank of China, paid a ransom after it was hacked last week, a representative of the Lockbit ransomware gang said in a statement on Monday, which Reuters independently obtained. Was unable to verify from.

ICBC, whose U.S. branch was hit by a ransomware attack on Nov. 9 that disrupted trading in the U.S. Treasury market, did not immediately respond to a request for comment.

“They paid the ransom, the deal is off,” a Lockbit representative told Reuters via Talks, an online messaging app.

ICBC temporarily owed $9 billion to BNY Mellon BK.N due to a blackout at its U.S. broker-dealer, an amount many times its net worth.

As Reuters reports, the hack was so widespread that even corporate email at the company stopped working, forcing employees to switch to Google Mail.

“The market is almost back to normal now,” said Ziwei Ren, portfolio manager at Penn Mutual Asset Management.

The ransomware attack comes at a time of heightened concerns about the resilience of the $26 trillion Treasury market, which is essential to the pipeline of global finance, and is likely to be scrutinized by regulators.

A U.S. Treasury Department spokesman had no immediate comment on Monday.

The Financial Services Information Sharing and Analysis Center, a financial industry cybersecurity group, said financial firms have well-established protocols for sharing information on such incidents.

“We are reminding members to stay up to date on all protective measures and promptly patch critical vulnerabilities,” a spokesperson said in a statement. “Ransomware remains one of the top threats facing the financial sector,” he added.

Why pay?

Lockbit has hacked some of the world’s largest organizations in recent months, stealing and leaking sensitive data in cases where victims refused to pay ransom.

In just three years, it has become the world’s top ransomware threat, according to US officials.

Nowhere is this more disruptive than in the United States, affecting more than 1,700 American organizations in nearly every sector, from financial services and food to schools, transportation, and government departments.

Authorities have long advised against paying ransomware gangs in a bid to break up criminals’ business models. Ransom is usually demanded in the form of cryptocurrency, which is hard to trace and provides anonymity to the recipient.

Some companies have quietly paid up to get back online quickly and avoid the reputational damage of having their sensitive data leaked publicly. Victims who do not have a digital backup that allows them to restore their systems without needing a decryption key sometimes have no choice but to pay.

Last week, Lockbit hackers published internal data from aerospace giant Boeing BA.N and said on their website that they had infected computer systems at law firm Allen & Overy.

Reporting by James Pearson in London; Additional reporting by David Barbuscia, Carolina Mandl and Tatiana Botzer in New York and Pete Schroeder in Washington DC; Editing by Mitchell Price, David Goodman, Jonathan Oatis and Alexander Smith

