ICBC flies top executives to US in race to contain fallout of hack by ransomware gang LockBit
- ICBC is racing to reassure market participants it has a handle on the situation following the attack by prolific ransomware gang LockBit
- LockBit said that it had received a ransom payment from ICBC on Monday, but did not provide details
Within days of a cyberattack at its US unit, members of Industrial and Commercial Bank of China’s (ICBC) management were on a plane.
Officials from the world’s largest lender arrived in the US over the weekend in a hastily arranged trip to limit fallout from the incident last week, people with knowledge of the situation said. As they sought to calm markets through a steady stream of discussions and calls, one question remained unanswered: when will the stricken systems start functioning again?
The bank is racing to reassure market participants it has a handle on the situation following the attack by prolific ransomware gang LockBit, which rendered it unable to clear swathes of US Treasury trades and forced many to reroute their orders. The firm has yet to restore normal operations.
On Friday, senior ICBC executives spoke with hundreds of member firms of the Securities Industry and Financial Markets Association (Sifma) in a bid to allay concerns, according to people familiar with the matter who asked not to be identified discussing private information. Some participants left without a clear outline of ICBC’s response, one of the people said.
And while the bank has been working to restore access to its systems, a subsequent investigation and ongoing discussions with regulators have made any resumption of normal service hard to predict, one of the people said.
The incident also prompted China’s National Administration of Financial Regulation (NAFR) to issue guidance last week pressing large banks with offshore units to bolster their defences against potential cyberattacks, another person familiar with the matter said.
