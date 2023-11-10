LockBit, a notorious ransomware gang, known for a series of high-profile cyberattacks, has sent shockwaves through the financial world with its recent breach of Industrial & Commercial Bank of China Ltd. (ICBC), Bloomberg reported on Friday.

This disclosure by the world's largest lender by total assets has disrupted Treasury market trades, leading to the rerouting of transactions by brokers and traders. The incident has raised concerns globally, prompting cybersecurity experts to emphasise the urgency for banks to enhance their defence mechanisms.

LockBit has emerged as one of the most prolific ransomware gangs in recent years, conducting cyberattacks globally. The group's activities have been ongoing since at least the beginning of 2020, targeting up to 1,000 victims and extorting over $100 million in ransom demands, according to the US Justice Department.

LockBit operates as a "ransomware as a service" enterprise, where core hackers develop malware, and freelance cybercriminals sign up with LockBit to execute the attacks. The gang receives a commission, typically around 20 per cent of any ransom paid, showcasing a business-like approach to its illicit activities.

The devastating impact of LockBit's attacks extends beyond ICBC, affecting entities across Europe, the US, China, India, Indonesia, and Ukraine, as highlighted by cybersecurity firm Kaspersky. The gang's modus operandi involves using ransomware to infiltrate systems, holding them hostage and demanding payment for their release. Threats to leak compromised data often add pressure on victims to comply with the ransom demands.

Researchers studying LockBit's tactics note that the group regularly updates its malicious software to evade detection by cybersecurity products. LockBit's flexibility is evident in its experimentation with self-spreading malware, such as the LockBit Black strain, making infiltration easier for hackers without extensive technical expertise. The group's geographical base and the number of individuals involved remain unknown, but LockBit has asserted on its website that it refrains from attacking post-Soviet Union countries.

Despite the Chinese government's cryptocurrency trading ban, a preferred method of payment for hackers, and historical ties between China and Russia, making it a lesser target, LockBit's assault on ICBC challenges these assumptions. Cybersecurity experts speculate that if the targeting proves to be an error, LockBit might aid in recovery by providing free decryption.

(With inputs from Bloomberg)