5.2 Million Files Allegedly Stolen From ICBC’s London HQ
On Thursday, ransomware gang Hunters International claimed to have stolen more than 5.2 million files from the London branch of the Industrial and Commercial Bank of China (ICBC).
The threat actors allegedly swiped 6.6 TB of the bank’s data after hacking their network, and threatened to publish all of it unless ICBC pays up by September 13th. Which was yesterday.
ICBC is the world’s largest bank by assets, and, almost a year ago, the US arm of ICBC was hit by ransomware that disrupted trading in the US treasury markets. LockBit told Reuters that the bank paid the ransom after that attack.
Comparitech researchers logged 127 ransomware attacks claimed by Hunters so far in 2024, but these haven’t been acknowledged by the targets.
I have two comments on this. Starting with Evan Dornbush, former NSA cybersecurity expert:
“Is there a more cost-effective way to fight ransomware?
“This is a timely reminder that organizations should continually question the effectiveness of their cybersecurity measures lest they too be caught in a vicious cycle of reactive spending while failing to address the root causes of these attacks.
“Simply throwing money at security solutions isn’t enough. This may be an ideal time for the industry to consider a shift in focus towards disrupting the economic model of ransomware attackers rather than dealing with the effects of their crimes.”
Next up is Ted Miracco, CEO, Approov:
“Privacy, security and possible culprit behind the attack:
- Privacy – Financial institutions are custodians of highly sensitive data, and a breach of this magnitude could result in heavy fines and penalties, as well as lawsuits from affected customers and businesses. If Hunters publishes ICBC’s data, it will lead to severe legal and compliance breaches, especially in regions with stringent financial and data privacy regulations, such as the EU’s GDPR or the UK’s Data Protection Act.
- Security – The attack by Hunters underscores the prevalence of ransomware-as-a-service (RaaS), where groups like this operate with increasing efficiency. The involvement of RaaS models lowers the bar for cybercriminals, enabling them to outsource sophisticated ransomware attacks and focus on large, lucrative targets such as banks. A key part of protecting financial data involves strengthening the security of mobile applications and APIs, which are often targeted as points of entry for ransomware attacks. However, organizations have demonstrated their capability to compromise even large and presumably secure institutions like ICBC, because API security vulnerabilities remain largely unaddressed.
- Culprit? – The fact that Hunters does not target Russian organizations suggests a potential association with Russia’s safe harbor policy for cybercriminals operating within its borders. This geopolitical dynamic is common with ransomware gangs, especially those with links to Russia, which often avoid targeting domestic organizations to stay under government protection. Ransomware attacks focused on extortion for financial gain are a hallmark of much Russia-based cybercrime.”
ICBC has paid ransoms before. And my feeling is that they will pay up this time around. That’s unfortunate, as I believe that organizations should not pay ransoms under any circumstances because that only encourages threat actors to launch more attacks. Besides, that money would likely be better spent ensuring that they do not get pwned in the first place.
This entry was posted on September 14, 2024 at 9:08 am and is filed under Commentary with tags Hacked.