LONDON, Nov 13 (Reuters) – China’s largest lender, the Industrial and Commercial Bank of China, has paid a ransom after it was hacked last week, a representative of the Lockbit ransomware gang said on Monday in a statement that Reuters could not independently verify .
ICBC, whose U.S. arm was hit by a ransomware attack on Nov. 9 that disrupted trading in the U.S. Treasury market, did not immediately respond to a request for comment.
“They paid a ransom and the deal was closed,” the Lockbit representative told Reuters via Tox, an online messaging app.
The power outage at ICBC’s U.S. broker-dealer left ICBC temporarily owing BNY Mellon BK.N $9 billion, an amount many times greater than its net capital.
The hack was so extensive that even the company’s work email stopped functioning, forcing employees to switch to Google Mail, Reuters reported.
“The market is now largely back to normal,” said Zhiwei Ren, portfolio manager at Penn Mutual Asset Management.
The ransomware attack came at a time of heightened concerns about the resilience of the $26 trillion government bond market, essential to the functioning of the global financial sector, and is likely to draw the attention of regulators.
A spokesperson for the U.S. Treasury Department did not immediately comment Monday.
The Financial Services Information Sharing and Analysis Center, a financial industry cybersecurity group, said financial companies have established protocols for sharing information about such incidents.
“We remind members to stay abreast of all protective measures and patch critical vulnerabilities immediately,” a spokesperson said in a statement, adding: “Ransomware remains one of the largest threat vectors facing the financial sector .”
Lockbit has hacked some of the world’s largest organizations in recent months, stealing and leaking sensitive data in cases where victims refused to pay ransoms.
In just three years, it has become the world’s largest ransomware threat, according to U.S. officials.
Nowhere has the crisis been more disruptive than in the United States, where more than 1,700 American organizations have been affected in almost every sector, from financial services and food to schools, transportation and government services.
Authorities have long advised against paying ransomware gangs in an attempt to break the criminals’ business model. Ransom demands are usually made in the form of cryptocurrency, which is more difficult to trace and gives the recipient anonymity.
Some companies have quietly paid money in an attempt to get back online quickly and avoid the reputational damage that comes from having their sensitive data publicly leaked. Victims who do not have digital backups that allow them to restore their systems without the need for a decryption key are sometimes left with no choice but to pay.
Last week, Lockbit hackers published internal data from aerospace giant Boeing BA.N and said on their website that they had infected computer systems at law firm Allen & Overy.