Boeing Co., ION Trading UK and the UK’s Royal Mail.
The prolific gang known as Lockbit is suspected to have orchestrated a ransomware attack against the US unit of ICBC, the world’s largest lender by assets, according to people familiar with the situation, who asked not to be identified because the information isn’t public. The attack has resulted in disruptions across the US Treasury market, with some transactions failing to clear and traders being asked to reroute their deals.
Lockbit, a criminal gang with ties to Russia, specializes in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files.
Earlier this year, it took credit for an attack against ION that paralyzed derivatives trading across markets for everything from commodities to bonds and forced several banks and brokers to process trades manually.
On Thursday, ICBC confirmed in a statement on its website that a ransomware attack at its ICBC Financial Services unit resulted in disruption to some of its systems. The bank said it’s conducting a thorough investigation and progressing its recovery efforts. The lender said systems at its head office and other domestic and overseas affiliates, including its New York branch, weren’t affected.
A week ago, Boeing disclosed a cyberattack that took down the website where it sells spare aircraft parts, software and services. Lockbit threatened to release “sensitive data” belonging to Boeing if it didn’t pay a ransom by Nov. 2.
The hackers placed the company’s name on its website, with a countdown to the day last week. The name later disappeared from the site.
Recent Lockbit victims also include Japan’s biggest maritime port, the UK’s Royal Mail,