China’s Largest Bank Is Latest Victim Of Ransomware

A ransomware attack targeting the Industrial and Commercial Bank of China (ICBC), China’s largest bank and the world’s largest lender by assets, shook the markets in November. 

The breach, directed at the bank’s US financial services unit, temporarily disrupted US Treasury markets, with clients unable to place trades. The impact was ultimately contained, but concerns are mounting about the vulnerability of leading banks and other corporations and the need for higher cybersecurity controls worldwide.

LockBit, a Russian-linked criminal group that made headlines recently for its ability to infiltrate systems and steal valuable data, was identified as ICBC’s attacker. In 2023 alone, LockBit targeted large companies such as Boeing, Royal Mail UK and financial software firm ION Group, among others.

Some companies that can’t recover their systems from backups end up paying the ransom, as did ICBC.

Many fear this will empower the hackers. According to the US Department of Justice, since 2020, “Lockbit actors have executed over 1,400 attacks against victims around the world, issuing over $100 million in ransom demands.” They received “tens of millions of dollars in ransom payments in the form of bitcoin,” which are relatively difficult to trace.

The most common source of cyber breaches is due to human error, such as with phishing attacks, according to Mario Henrique Viegas, a 25-year IT veteran of large corporations such as NBC Universal, Michael Page and Harrods, and now IT manager at Acamar Films.

“Employees with authorized access to systems may, intentionally or unintentionally, cause breaches by mishandling data or sharing sensitive information,” he explains. “A multilayered approach to cybersecurity might help mitigate the risks: employee training, strong access controls, regular software updates and robust security measures. But with the cybersecurity landscape constantly evolving, stronger regulatory scrutiny might soon
be necessary.” New threats and avenues of attack emerge regularly. And with the advent and rollout of artificial intelligence (AI), the potential for more sophisticated AI-driven ransomware could become an even more alarming threat.