Wall Street is grappling with the repercussions of a ransomware attack on the Industrial and Commercial Bank of China (ICBC), China’s largest bank. The attack, which targeted ICBC’s New York unit, disrupted trading in the $25 trillion market for US Treasuries, revealing vulnerabilities in the world’s largest and most liquid Treasury market.
The Financial Times first reported the attack, highlighting how ICBC Financial Services, the New York unit, had to resort to sending a USB stick with trading data to BNY Mellon to settle trades after its systems were compromised.
The ransomware incident affected ICBC’s ability to settle Treasury trades on behalf of other market participants, prompting hedge funds and asset managers to reroute trades, thereby impacting Treasury market liquidity, according to trading sources. Some traders even suggested that the hack might have contributed to a sharp sell-off in long-dated Treasuries following a $24 billion auction of 30-year bonds.
BNY Mellon, the world’s largest custodian bank, has electronically disconnected ICBC from its platform and is utilizing manual workaround solutions to process trades. The bank does not plan to reconnect until a third party verifies that it is safe to do so.
ICBC’s US unit reportedly required a $9 billion capital injection from its parent company to cover unsettled trades with BNY Mellon, underscoring the financial implications of the attack.
US Treasury Secretary Janet Yellen acknowledged being in touch with China’s vice-premier about the hack but stated that she had not seen an impact on the Treasury market. The Securities and Exchange Commission is closely monitoring the situation, emphasizing the importance of maintaining fair and orderly markets.
Ransomware attacks, which have proliferated since the onset of the pandemic, continue to pose a significant threat to businesses. The incident involving ICBC highlights the need for enhanced cybersecurity measures and collaborative efforts to address the evolving challenges posed by cyber threats.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among other certifications, he holds CISSP, CISA, CISM, ITIL, COBIT and PRINCE2, but his wide range of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.