ICBC was trying to minimize the risk impact and losses after the attack, which several experts blamed on hacking group Lockbit
The Industrial and Commercial Bank of China’s access to an electronic settlement platform for U.S. Treasury securities remained suspended on Friday, sources said, in the aftermath of a ransomware attack on China’s largest bank.
The attack, confirmed by ICBC on Thursday, is the latest in a string of ransom demands by hackers this year. ICBC Financial Services, the bank’s U.S. unit, said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.
It will take days to return to normal, two sources familiar with the matter said on Friday. BNY Mellon was manually settling trades of Treasury securities with the ICBC and was waiting for a third party to confirm it is safe to reconnect ICBC to its settlement platform, the sources said.
The process of establishing it is safe to reconnect is likely to go into next week, they said. One of the sources said that meant trades were being done by physically handing over information rather than using any electronic means.
BNY is sole settlement agent for U.S. Treasury bonds according to its website. “These cyberattacks are scary,” said Jack McIntyre, a fixed income portfolio manager at Brandywine.
“The good news would be that I guarantee you primary dealers are having (a) discussion to make sure this cannot happen to them. I’m sure everybody’s doing a deep dive on their security systems.”
Primary dealers, which include the largest Wall Street banks, act as counterparties to the Federal Reserve in open market operations as part of implementing U.S. monetary policy. When the U.S. Treasury issues new securities, primary dealers handle the purchases on behalf of the Fed, which acts as the seller. Several primary dealers did not immediately respond to requests for comment. ICBC did not respond to requests for comment.
China’s foreign ministry said on Friday
ICBC was trying to minimize the risk impact and losses after the attack, which several experts blamed on hacking group Lockbit.
“Yes we confirm,” a Lockbit representative said on Friday, without elaborating, in response to a request for comment.
Lockbit ransomware, first seen on Russian-language-based cybercrime forums in January 2020, is the most deployed ransomware across the world, hitting 1,700 U.S. organizations, according to the U.S.
Cybersecurity and Infrastructure Security Agency. Business remains normal at ICBC’s head office, branches and subsidiaries across the globe, China’s foreign ministry spokesperson Wang Wenbin told a regular news conference.
“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication.” REGULATORY RESPONSE
Global regulators on Friday were monitoring the impact. Britain’s Financial Conduct Authority said it was “communicating with the relevant U.S. and UK authorities and firms to identify any impacts to UK financial services.”
In the U.S., the Financial Industry Regulatory Authority said
it is monitoring any impact on firms and customers and is closely working with other regulators. The U.S. Securities and Exchange Commission continues to monitor markets with a “focus on maintaining fair and orderly markets,” a spokesperson said.
The Federal Reserve Bank of New York declined to comment.
ICBC said it had successfully cleared Treasury trades executed on Wednesday and repurchase agreements (repo) financing trades on Thursday. ICBC’s Hong Kong-listed shares ended Friday down 0.8%, compared to a 1.13% drop in a Hong Kong index of mainland Chinese banks.
Its Shanghai-listed shares closed flat. Some market participants said trades going through ICBC were not settled due to the incident and that market liquidity had been affected. It was unclear whether this contributed to the weak outcome of a 30-year bond auction on Thursday.
Investors and traders found it hard to assess how much it impacted the market on Thursday, when bond markets were selling off after comments from Federal Reserve Chair Jerome Powell. Even if the impact seemed limited, the attack underlined how systems at large organizations remain vulnerable, they added.
“A source of liquidity in the market dried out for an extended period of time,” said Jan Nevruzi, U.S. rates strategist at NatWest Markets, noting that the attack lowered inter-dealer broker volumes and hurt the auction. “Today people have found contingencies and alternatives because a certain amount of time has passed since then. I imagine there’s still some market liquidity impairment.”