Chinese banking giant’s London HQ targeted by cybercriminals, threatening to leak millions of files

ICBC has until tomorrow to act

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The London branch of the Industrial and Commercial Bank of China (ICBC) has suffered aransomwareattack that saw the hackers make off with plenty of sensitive data.

A report fromThe Register, citing an announcement posted on the threat actor’s data leak site, says ICBC has until September 13 to pay the ransom demand or witness its data leaking.

The ransomware attack on ICBC’s London branch was carried out by a group known as Hunters International, who claim to have stolen 5.2 million files - equivalent to 6.6 TB of sensitive data.

ICBC ransomware attack

For those with shorter memory, Hunters International might sound like a relatively new entrant in the game of ransomware. However, some experts claim it is actually a rebrand of the infamous Hive ransomware, which was one of the largest and most dangerous groups of its tim, until it was dismantled by the FBI in July 2022, when the law enforcement successfully infiltrated the collective and obtained decryption keys.

Hunters International emerged roughly a year ago, as a threat actor that focuses more on data exfiltration, and less on system encryption. Some researchers argue that building, maintaining, and deploying encryptors is too cumbersome, and that simply stealing files is as lucrative.

ICBC is the largest bank in the world by total assets and market capitalization. It is owned by the Chinese state and is a key player in the country’s financial system. The bank provides a wide range of services such as corporate and personal banking, wealth management, and investment banking. ICBC has a vast global presence with branches and subsidiaries in major financial centers around the world. As such, it plays a major role in financing infrastructure projects both within China and internationally.

So far, the bank has not yet responded to any requests for comment, nor has it said anything about the incident.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Herman Miller Aeron gaming chair review: premium, highly customizable comfort