The U.S. Treasury Department, addressing a cybersecurity concern, informed CNBC that it is actively engaged with key players in the financial sector and federal regulators, maintaining continuous vigilance on the situation. Meanwhile, ICBC, a major Chinese bank, asserted that the cyber incident impacting its U.S. financial services arm did not extend to its operations in China or other affiliated institutions globally.
In response to the attack, Wang Wenbin, the spokesperson for China’s Ministry of Foreign Affairs, stated that ICBC is working to mitigate the impact and losses incurred. He emphasized the bank's effective emergency response and supervision during a regular news conference.
As for the ransomware attack, the perpetrator remains unidentified, and ICBC has not disclosed the responsible party.. Cybersecurity experts, including Marcus Murray from Truesec, identified the ransomware as LockBit 3.0. However, tracing the origin of such attacks is challenging due to hackers' sophisticated techniques to conceal their identities.
LockBit 3.0, known for its modularity and evasiveness, poses difficulties for security researchers. The malware's unique password requirement for each instance makes analysis challenging, according to the VMware cybersecurity team. The Cybersecurity and Infrastructure Security Agency describes LockBit 3.0 as a highly adaptable and elusive threat, complicating detection.
LockBit, the group behind the ransomware, operates on a "ransomware-as-a-service" model, selling its malicious software to other hackers, known as affiliates. The group, led by "LockBitSup" in online forums, claims to be based in the Netherlands and asserts a non-political motivation. LockBit has a history of targeting small and medium-sized businesses, and data from cybersecurity firm Flashpoint indicates that it accounts for approximately 28% of known ransomware attacks.
The group has previously claimed responsibility for ransomware attacks on prominent entities such as Boeing and the U.K’s Royal Mail. In June, the U.S. Department of Justice charged a Russian national for involvement in deploying LockBit ransomware and other cyberattacks globally, revealing the extent of the group's activities and financial gains.