ICBC hit by ransomware, others recently hit include Boeing who apparently paid to keep their data from being released. Hacking group out of Russia... ICBC Hit By Lockbit Ransomware Gang Linked to Boeing, Ion Attacks - Bloomberg Industrial & Commercial Bank of China Ltd. is suspected of being hacked by the same group that has — just in the past year — also hit Boeing Co., ION Trading UK and the UK’s Royal Mail. The prolific gang known as Lockbit is suspected to have orchestrated a ransomware attack against the US unit of ICBC, the world’s largest lender by assets, according to people familiar with the situation, who asked not to be identified because the information isn’t public. The attack has resulted in disruptions across the US Treasury market, with some transactions failing to clear and traders being asked to reroute their deals. Lockbit, a criminal gang with ties to Russia, specializes in using malicious software known as ransomware to encrypt files on its victims’ computers, then demanding payment to unlock the files. Earlier this year, it took credit for an attack against ION that paralyzed derivatives trading across markets for everything from commodities to bonds and forced several banks and brokers to process trades manually. On Thursday, ICBC confirmed in a statement on its website that a ransomware attack at its ICBC Financial Services unit resulted in disruption to some of its systems. The bank said it’s conducting a thorough investigation and progressing its recovery efforts. The lender said systems at its head office and other domestic and overseas affiliates, including its New York branch, weren’t affected. A week ago, Boeing disclosed a cyberattack that took down the website where it sells spare aircraft parts, software and services. Lockbit threatened to release “sensitive data” belonging to Boeing if it didn’t pay a ransom by Nov. 2. The hackers placed the company’s name on its website, with a countdown to the day last week. The name later disappeared from the site.
Not sure how widespread it is, but Florida's First Judicial Circuit got hit with a cyber attack over a month ago and is still dealing with it. There were cancelled hearings and lots of issues. I think things are about to get back to normal soon but no idea what's been happening behind the scenes. First Judicial Circuit continues investigation of cybersecurity breach
Welcome to the new(ish) normal. Despite the trend of companies improving their security postures and hardening their systems, it's going to continue. Forever.
I read a while back that most ransomware is planted by company workers and the foreign gangs give them a cut of the payoff.
not sure how I feel about Boeing paying them to keep their info private. Understand the motivation, don't like rewarding the crooks. feels like negotiating with terrorists
In IT this is usually a no-no. Not only does it reward attacks, it doesn't guarantee that there aren't backdoors or a mechanism to re-infect.
I'm of the opinion that there isn't a need for an insider attack. Sure, it would help, but users will click ANYTHING. If you get an email in past the filters, someone is likely to click on or download something. Our corp cybersecurity sends out occasional phishing emails and they've gotten one of my IT co-workers, who should know better, at least twice.
As my organization's Chief Information Security Officer put it, "The reality is that we have to get it right every single time, and a criminal only has to get it right once."
Nailed it. It's the wild west out there. And you can buy every hardware and software product under the sun, but if you don't require ongoing cybersecurity training for your employees, you're doing it wrong.
