World’s Largest Bank Hit By Ransomware Attack

Industrial & Commercial Bank of China (ICBC) Ltd was hit by a serious ransomware attack this week. It is suspected that the attack came from a gang of cybercriminals known as LockBit. LockBit is also credited with attacks in this past year on Boeing Co., ION Trading, and the United Kingdom’s Royal Mail among others.

The LockBit group specializes in using ransomware to encrypt computer files and then demand payment to unlock those files. Their latest high-profile attack comes against the U.S. unit of ICBC, the world’s largest lender by assets. The attack disrupted clearing and trading on the U.S. Treasury market. It caused some transactions to fail to clear and forced traders to reroute deals.

Earlier this year, LockBit took credit for an attack against ION Trading that halted derivatives trading, impacting everything from commodities to bonds. Last week, Boeing announced that a cyberattack attributed to LockBit took down one of its websites. Other recent LockBit victims include Japan’s biggest maritime port, California’s finance department, and a children’s hospital in Canada.

Who is LockBit?

LockBit is believed to be one of the most prolific ransomware attackers in the world. They have been active since at least 2020 and have successfully attacked as many as 1,000 victims globally, extorting more than $100 million in ransom demands, according to the US Justice Department. The group’s members have been tied to Russia and apparently use Russian to communicate.

LockBit operates what is known as a “ransomware as a service” enterprise. LockBit hackers develop malware and other tools. Freelance cybercriminals sign up to gain access to LockBit tools and infrastructure. These freelancers then do the hacking themselves. LockBit gets a commission on successful attacks, which is typically around 20% of any ransom paid.

The gang’s victims cover the globe, from the U.S. and Europe to India and Indonesia. Ransomware attacks against Chinese firms are somewhat unusual, however, in that the Chinese government has banned cryptocurrency transactions. That makes it harder for victims to pay ransom, which is often demanded in cryptocurrency.

Cyberattack Disrupts Mortgage Payments for Millions of Customers

Mr. Cooper, one of the largest U.S. mortgage servicers, suffered a cyberattack on October 31 that disrupted loan payments and other transactions for millions of its customers. The attack prevented customers from making online loan payments or gaining access to their account information. The company has said it was trying to determine if the attackers obtained any personal customer data. It is not known if this was a ransomware attack or attributable to LockBit.

The company said it became aware of the attack on October 31, and took immediate action to secure customer data. It has since restored its system for accepting online payments.

Mr. Cooper, formerly known as Nationstar, services mortgage loans for 4.3 million customers.

Ransomware attacks may hit record levels this year.

Analytics firm Chainalysis has recorded roughly $500 million worth of ransomware payments through the end of September 2023, an increase of almost 50% from the same period a year earlier. According to Corvus Insurance, ransomware attacks increased 95% in the first three quarters of this year, compared with the same period in 2022.