China’s largest bank Industrial and Commercial Bank of China (ICBC) has been hit by ransomware attack. The breach has reportedly disrupted trading in the US Treasury market. The company, which is based in New York, said that it is investigating and had reported the problem to law enforcement. The bank gave no further details but reports suggest that the attack was by LockBit, a Russian-speaking ransomware syndicate.
It is the same group that is also said to be behind the cyber attacks on UK’s Royal Mail, Japan’s biggest maritime port and most recently hit Boeing’s parts and distribution business. However, none of the recent cyberattacks by LockBit are said to have shaken the financial world more than its hack of ICBC. The breach disclosed Thursday, November 9, by the largest global lender by total assets reportedly blocked some Treasury market trades from clearing, forcing brokers and traders to reroute transactions.
What is LockBit group
LockBit is one of the most notorious ransomware variants around, according to the cybersecurity firm Emsisoft. Active since September 2019, it is said to have attacked thousands of organisations. The gang’s victims span Europe and the US, as well as China, India, Indonesia and Ukraine, according to cybersecurity firm Kaspersky.
How LockBit operates
LockBit ransomware attacks typically begin with the group gaining access to a company’s network through a phishing email or a vulnerability in its network. Once the group has access to the network, they will encrypt the company’s data and demand a ransom payment in exchange for the decryption key. LockBit is also known for its use of double extortion tactics. In double extortion attacks, the ransomware group will threaten to release the victim’s stolen data if the ransom payment is not paid. This type of attack can be particularly damaging to victims, as it can lead to reputational damage and financial losses.
Researchers have long studied LockBit’s hacking tools, determining that the group regularly updates its malicious software in order to avoid detection from cybersecurity products.According to Kaspersky, “LockBit functions as ransomware-as-a-service (RaaS). Willing parties put a deposit down for the use of custom for-hire attacks, and profit under an affiliate framework. Ransom payments are divided between the LockBit developer team and the attacking affiliates, who receive up to ¾ of the ransom funds.”
LockBit spreads on its on
Most significant is LockBit’s ability to self-propagate, meaning it spreads on its own. In its programming, LockBit is directed by pre-designed automated processes. This makes it unique from many other ransomware attacks that are driven by manually living in the network — sometimes for weeks — to complete recon and surveillance.
Takes ransom in Bitcoins
LockBit hackers use so-called ransomware to infiltrate systems and hold them hostage. They demand payment to unlock the computers they’ve compromised and often threaten to leak stolen data to pressure victims to pay. The group typically demands ransom payments in Bitcoin.
Ransomware: What is LockBit? The hacker group said to be behind the attack on one of the China’s largest bank, ICBC
Denial of responsibility! Swift Telecast is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – swifttelecast.com. The content will be deleted within 24 hours.