Lockbit Ransomware Forces China’s ICBC to Pay Massive Ransom, Disrupts US Treasury Market
Lockbit, a notorious ransomware gang, has once again made headlines by targeting one of the world’s largest companies. Last week, the group published internal data belonging to aerospace giant Boeing. But that’s not all—Lockbit has now set its sights on an even bigger target, China’s Industrial and Commercial Bank of China (ICBC). In a recent interview with Reuters, a representative from Lockbit confirmed that the ransomware gang successfully extorted a massive ransom from ICBC after the bank’s US arm fell victim to a ransomware attack.
The consequences of this attack were far-reaching, with trades in the US Treasury market being disrupted and the bank’s corporate email system rendered non-functional. Employees were forced to resort to using Google mail instead. While Reuters was unable to independently verify whether ICBC had indeed paid the ransom, Lockbit’s representative unequivocally stated, They paid a ransom, deal closed.
The ICBC finds itself in a precarious financial position, owing the Bank of New York Mellon a staggering $9 billion—an amount several times larger than its net capital. Nevertheless, this incident serves as a stark reminder to financial institutions to maintain current protective measures and promptly patch any critical vulnerabilities. Ransomware remains one of the top threats facing the financial sector, according to The Financial Services Information Sharing and Analysis Center.
Lockbit has earned a fearsome reputation for targeting major organizations across various sectors, including financial services, transportation, and government departments. When these organizations refuse to pay the ransom demanded by the gang, Lockbit resorts to stealing and leaking sensitive information—a move that can severely damage a company’s reputation and, consequently, its business.
Paying ransoms to cybercriminals is a controversial matter, as authorities argue that it only empowers and perpetuates the criminal business model. These ransomware gangs typically demand payment in cryptocurrency to maintain their anonymity and make tracing the funds more difficult. Some companies, fearing the impact of a sensitive data leak, opt to discreetly pay the ransom in order to restore their systems and safeguard their reputation. Victims without a digital backup that enables system restoration without a decryption key often feel they have no choice but to comply.
Last week’s attack showcases the extent of the threat posed by Lockbit, with over 1,700 American organizations falling victim to their attacks. As the United States emerges as the top ransomware target globally, it’s clear that this menace has risen to prominence in a remarkably short span of three years.
In the face of such cyber threats, authorities will continue to discourage paying ransoms to ransomware gangs. However, the allure of recovering vital systems and protecting a company’s image remains a tempting proposition for many. While the debate rages on, organizations must remain vigilant and take proactive measures to fortify their cybersecurity defenses against these increasingly audacious cybercriminals.
In addition to the ICBC incident, Lockbit hackers also compromised computer systems at law firm Allen & Overy, further highlighting the urgent need for improved cybersecurity measures and heightened levels of protection across all sectors.
As ransomware attacks continue to escalate, businesses and governments alike must galvanize their efforts to tackle this growing threat. The consequences of inaction are simply too grave.
