Ransomware Attack on China’s Largest Bank Disrupts US Treasury Market

144

A ransomware attack on the Industrial and Commercial Bank of China (ICBC), the country’s largest bank, caused disruption in the US Treasury market. The attack compelled clients of ICBC to reroute trades, impacting the settlement of Treasury trades on behalf of other market participants.

The Securities Industry and Financial Markets Association informed members about the ransomware attack on ICBC, which paralyzed computer systems, leading to disruptions in Treasury trades and affecting some equity trades. Market participants, including hedge funds, redirected trades to navigate the disruption, impacting Treasury market liquidity to some extent. However, the overall functioning of the market was not severely impaired.

ICBC initiated efforts to restore services, addressing the impact on US Treasuries transactions. A Treasury Department spokesperson acknowledged the cybersecurity issue, stating ongoing communication with key financial sector participants and federal regulators while monitoring the situation.

The Fixed Income Clearing Corporation, a subsidiary of the Depository Trust and Clearing Corporation responsible for settling and clearing US Treasury trades, expressed concern about the incident’s potential impact on liquidity but noted that traders successfully rerouted trades through alternative channels.

While acknowledging the seriousness of the attack, Treasury market experts pointed out that traders typically have backup arrangements with multiple banks, ensuring the successful rerouting and execution of trades. Kevin McPartland, Head of Market Structure and Technology Research at Coalition Greenwich, emphasized the industry’s preparedness for such situations.

The incident had repercussions on Treasury bond yields, with a notable rise observed, especially after a subpar auction for 30-year bonds. The 30-year yield surged by 0.12 percentage points to 4.78%, raising questions about potential connections between the auction and the ICBC cyber attack.

Ransomware attacks have become more prevalent, particularly since the onset of the COVID-19 pandemic, as remote working vulnerabilities and organized cybercriminal groups contribute to their proliferation. The use of LockBit 3.0 software in this attack adds a layer of complexity, with LockBit being a prominent criminal cyber group known for debilitating attacks on various targets.

The attack on ICBC is deemed “extremely unusual” given the bank’s size, highlighting the heightened cybersecurity focus within the financial sector. The choice of LockBit 3.0 software raises questions about whether the criminal group itself or one of its affiliates orchestrated the attack.

In a parallel development, Allen & Overy, a prominent law firm, also fell victim to a ransomware attack on its servers, emphasizing the broader challenges various industries face in the current cybersecurity landscape.