
The Industrial and Commercial Bank of China’s (ICBC) U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday, the latest in a string of victims ransom-demanding hackers have claimed this year.
According to Reuters*, ICBC Financial Services, the U.S. unit of China’s largest commercial lender by assets, said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.
China’s foreign ministry said on Friday the lender is striving to minimise risk impact and losses after the attack. Several ransomware experts and analysts said an aggressive cybercrime gang named LockBit was believed to be behind the hack, although the gang’s dark web site, where it typically posts the names of its victims, did not mention ICBC as a victim as of Thursday evening.
The LockBit group, supposedly behind this attack, uses ransomware together with extortion tactics once the malware is in place, which makes it more lethal. The malware is dangerously self-spreading within organisations and is targeted at victims or their systems, specifically looking for vulnerabilities such as the ability to bypass authentication, as in this attack. LockBit then automatically spreads the infection and encrypts all accessible computer systems on the network. Once data has been stolen and encrypted on the victim’s machines, the extortion tactics follow in order to make more money even if a backup process is in place.
Preventive measures to ensure companies are protected against ransomware or other malicious attacks are vital, but mistakes can happen and sophisticated criminal groups will relentlessly target any given vulnerability. Such measures include using strong, unique passwords in combination with multi-factor authentication to protect systems from unauthorized access. Furthermore, all hardware and software needs constant updating with the appropriate patches.
State-of-the-art security software that employs multiple layers of detection technology on all possible attack vectors to prevent ransomware infections also needs to be in place to ensure a maximum level of protection. Offsite and disconnected backups and a tested restore process are also vitally important.
by Jake Moore, ESET
*ESET does not bear any responsibility for the accuracy of this information.
