November 10, 2023 at 03:06AM
China’s largest bank, ICBC, experienced a ransomware attack that disrupted its financial services systems. The incident has impacted US Treasury markets and prevented the settling of trades on behalf of other market players. The attack exploited an unpatched Citrix NetScaler box. The ransomware gang LockBit is suspected to be behind the hack. Concerns are growing about the effectiveness of current ransomware countermeasures, and there are calls for stricter regulations on the payment of ransom demands.
Summary: ICBC, China’s largest bank, experienced a ransomware attack that disrupted its financial services systems. The bank disconnected and isolated affected systems and is investigating the incident. The attack did not affect ICBC’s domestic and overseas affiliates. The incident has caused disruptions in US Treasury markets, potentially preventing the settling of trades. The malware research group vx-underground reported that some equity traders were unable to place or clear trades through ICBC. The attack exploited an unpatched Citrix NetScaler box using a bug known as CitrixBleed. The ransomware gang suspected to be behind the attack is LockBit, known for targeting various organizations and generating large sums of money. Cybersecurity experts are calling for stricter measures, including prohibiting or severely restricting the payment of ransom demands, to combat these financially motivated attacks.