The world’s biggest bank – Industrial and Commercial Bank of China – has hired a cybersecurity firm to help it get back to normal business after a ransomware attack.
ICBC also injected capital into its US unit to help pay BNY Mellon $9 billion for unsettled trades caused by the drama on Wednesday and Thursday, sources have said.
ICBC’s unit in America told market participants on Friday it was hoping to finish the cyber review over the weekend, but the sources said they expected it would spill into next week. Meanwhile, the bank is using manual processes to trade, they said.
The details, including the cash injection for unsettled trades, have not been previously reported.
ALSO SEE: Yellen Reminds China: Firms Helping Russia Will Face Sanctions
Lockbit hack jolts Treasuries market
The attack was claimed by cybercrime gang Lockbit, a widely deployed ransomware first seen on Russian-language-based cybercrime forums in January 2020. It is the latest in a string of ransom demands by hackers this year.
The ransomware drama sent ripples through the US Treasuries market, where ICBC acts as a broker for hedge funds and other market participants, helping them trade in the securities. While the extent of disruption to market was limited, it brought into focus the resilience of a market that underpins global finance.
When the hack happened earlier this week, ICBC was unable to access its systems, leaving it temporarily owing BNY $9 billion for unsettled trades, two of the sources said. The custody bank is the sole settlement agent for Treasuries.
The Chinese parent then injected capital into the US unit, allowing it to settle the trades and pay back BNY Mellon, the sources said. That has now happened, they said.
ICBC did not respond to a request for comment. ICBC Financial Services, the bank’s US unit, has said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.
Security review, trading via USB sticks
ICBC’s representatives told market participants on a call organized by the Securities Industry and Financial Markets Association (SIFMA), a trade group, on Friday afternoon that they had hired a cybersecurity firm to do an assessment to ensure that its systems are safe, three sources familiar with the matter said.
ICBC said it hopes to be done as soon as this weekend, the sources said, noting that it could take longer, given the complexity of the task. They also told market participants about the capital injection but did not disclose the amount or the reason for it, the sources said.
Meanwhile, ICBC’s computer systems have been isolated from the rest of Wall Street, the sources said. Alternative systems have been put in place to enable trading by ICBC, which involve moving information manually, including by carrying USB sticks with information, two of the sources said.
SIFMA declined to comment.
Global regulators on Friday were monitoring the impact. US Treasury Secretary Janet Yellen said on Friday that she and China Vice Premier He Lifeng spoke about the issue during talks in San Francisco this week. She said the hack had not interferred with the market for US government debt.
Fed extends closing time for some customers
Rumours about the hack started to circulate in the market on Wednesday afternoon, but one of the sources close to a major market-maker said it was not clear to most people on Wall Street what was going on until Thursday morning.
As news of the hack spread, other firms started removing any connectivity between ICBC’s computer systems and their own, the source said. SIFMA, the trade group, organized calls for market participants with updates, the sources said.
ICBC is not among the top-tier firms that deal in Treasuries, including the primary dealers that trade directly with the New York Federal Reserve, which limited the impact it had on the market, the sources said.
Still, Scott Skyrm, who works at money market trading firm Curvature Securities, said overnight rates in the repo market were volatile and closed Thursday at levels lower than would have otherwise been the case. There was a rise in the number of firms that failed to return bonds they had borrowed.
US Treasury fails, the value of Treasury securities that were not delivered to fulfil a trade contract, rose to $62.2 billion on Thursday, the highest since March, up from $25.5 bln a day earlier, according to Depository Trust & Clearing Corp.
To give the market more time to settle trades, the Federal Reserve’s system for moving cash through the financial system said it had extended the closing time for certain customers on Friday.
“These cyberattacks are scary,” said Jack McIntyre, a fixed income portfolio manager at Brandywine. “The good news would be that I guarantee you primary dealers are having (a) discussion to make sure this cannot happen to them. I’m sure everybody’s doing a deep dive on their security systems.”
ICBC’s Hong Kong-listed shares ended Friday down 0.8%, compared to a 1.13% drop in a Hong Kong index of mainland Chinese banks. Its Shanghai-listed shares closed flat.
- Reuters with additional editing by Jim Pollard
ALSO SEE:
Notorious Hackers Seen Hitting US Arm of ICBC, China’s Top Bank
Huawei, Tencent Lead China Cybersecurity Patents Push – Nikkei
Former VP of China’s Biggest Bank Latest to Face Graft Probe
China Joins US, EU in Vow to Tackle ‘Catastrophic’ AI Harm Risk
