ICBC Ransomware Attack Disrupts US Treasury Market.

On Wednesday, a ransomware attack disrupted ICBC Financial Services (FS), China’s largest bank, particularly affecting its financial services arm.

This disruption in the US Treasury market impaired the company’s ability to settle Treasury trades for other market participants, thereby affecting market liquidity.

ICBC FS acknowledged the ransomware attack on their website on Thursday evening. They stated that the attack, which began on Wednesday, had disrupted certain financial services systems. However, ICBC noted that it has contained the incident, and is currently conducting an in-depth investigation.

In a statement issued on its website, ICBC indicated that they are:

“conducting a thorough investigation and . . . progressing its recovery efforts”


                               LockBit Group to leak ICBC data on November 28, 2023, they said. Image-source: Fixitgearware



The suspicion is that the LockBit 3.0 software executed the attack, but it is still unclear whether the criminal group or one of its customers was responsible.  LockBit threat actors also announced on their website that ICBC has until November 28, 2023, to prevent its data from being made public.

Attack of such magnitude, is concerning as it affected ICBC FS and had repercussions on the US Treasury market, further interfering with the settlement and clearing of US Treasury trades. The inability of the bank to settle trades for other market participants resulted in some equity trades being diverted to other financial institutions, impacting the Treasury market liquidity to some extent.

However, the overall functioning of the market remained intact. The attack did not impact the ICBC head office in China or its New York branch. Although, the Fixed Income Clearing Corporation, which is responsible for the settlement and clearing of US Treasury trades, was affected.

LockBit 3.0, the software used in the attack, is a type of ransomware that immobilizes (by encrypting files and folders) computer systems until a ransom is paid. This is concerning, especially for the financial sector, which invests heavily in preventing cyber attacks. It is unusual for a bank of ICBC FS’s magnitude to be affected in this manner.

The LockBit criminal cyber group, known for its RaaS (Ransomware-as-a-Service) model were it leases out its software to affiliates, has been found to be responsible for numerous attacks on large organizations such as ION, the City of London, and the Royal Mail.




Put your comments below in the comment section on your thoughts about this.

Find this article and information helpful? Show some love and support  “Click-Here”
5 1 vote
Article Rating
Notify of
Inline Feedbacks
View all comments