LONDON, Nov 13 (Reuters) – China’s biggest lender, the Industrial and Commercial Bank of China, has paid a ransom to cybercriminals who hacked ICBC last week, a representative of the Lockbit ransomware gang said on Monday in a statement Reuters was unable to independently verify.
The ICBC’s U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market on Thursday.
“They paid a ransom, deal closed,” the Lockbit representative told Reuters via Tox, an online messaging app.
ICBC did not immediately respond to a request for comment.
The ransomware attack came at a time of heightened worries about the resiliency of the Treasury market, essential to the plumbing of global finance.
The blackout at the bank’s U.S. broker-dealer left it temporarily owing BNY Mellon BK.N $9 billion, an amount many times larger than its net capital.
The hack was so extensive that even corporate email at the firm ceased to function, forcing employees to switch to Google mail, Reuters reported.
“The market is mostly back to normal now,” said Zhiwei Ren, a portfolio manager at Penn Mutual Asset Management.
Lockbit has hacked some of the world’s largest organisations in recent months, stealing and leaking sensitive data in cases where victims refused to pay ransom.
In just three years, it has become the world’s top ransomware threat, according to U.S. officials. Nowhere has it been more disruptive than in the United States, hitting more than 1,700 American organisations in nearly every sector from financial services and food to schools, transportation and government departments.
Last week, Lockbit hackers published internal data from aerospace giant Boeing BA.N and said on their website they had infected computer systems at London-founded law firm Allen & Overy.
Reporting by James Pearson in London; Additional reporting by Davide Barbuscia in New York; Editing by David Goodman and Jonathan Oatis
Our Standards: The Thomson Reuters Trust Principles.