On Thursday, the US division of Industrial and Commercial Bank of China (ICBC) fell victim to a ransomware assault, compelling clients to redirect certain trades. ICBC Financial Services, the US arm of the globe's largest lender, acknowledged the incident on its website, stating it had encountered a ransomware attack causing disruption to specific FS systems.

Fortunately, business and email systems, as well as ICBC's headquarters and other international branches, remained unaffected. In response, the bank promptly took action, isolating and disconnecting the impacted systems. Concurrently, recovery efforts are underway, with an ongoing investigation, and the incident has been reported to law enforcement. Despite the setback, the bank declared the successful clearance of US Treasury trades executed on Wednesday and repo financing trades conducted on Thursday.

Bloomberg reported that the bank managed to achieve this by transferring settlement details onto a USB stick and delivering it to market participants via a messenger. However, conflicting reports from the Financial Times suggested disruptions occurred in US Treasury trades.

Although no entity has claimed responsibility for the attack, numerous cybersecurity experts point to the LockBit gang as the likely perpetrators. The LockBit group, responsible for over 1400 attacks on US targets according to the Department of Justice, had previously targeted the trading technology firm ION earlier in the year.

Expressing concern about the incident's global implications, Marcus Murray from the cybersecurity firm Truesec stated, "This is a true shock to large banks around the world. The ICBC hack will prompt major banks globally to urgently enhance their defenses, starting today."