According to Yellen, the recent ransomware attack on China’s largest bank only had a minimal impact on trades in the Treasury market.

On Friday, Janet Yellen, the U.S. Treasury Secretary, proposed that a ransomware attack on China’s largest bank resulted in minimal disruptions to the U.S. Treasury market, causing the bank to temporarily disable some of its systems.

During their meeting on Friday, finance officials from the U.S. and China addressed the incident in San Francisco. This occurred as they prepared for an upcoming regional economic summit.

According to Yellen, there has been no noticeable effect on the Treasury market. She believes this highlights the importance of open communication. In this type of scenario, it is crucial to have the ability to call someone and feel confident that there will be a positive response, and that we can rely on each other to collaborate effectively.

The affected financial services of the Industrial and Commercial Bank of China are responsible for facilitating trades and providing other services to financial institutions.

According to a statement on its website, the bank reported that a ransomware attack occurred on Wednesday, resulting in the disconnection and isolation of affected systems in order to minimize the damage caused by the attack.

The New York-based company stated that it is conducting an investigation and has notified law enforcement about the issue.

On Wednesday, all Treasury trades and Thursday’s repo financing trades were cleared, according to the statement. It also stated that ICBC’s banking, email, and other systems were not impacted.

According to data from the Treasury Department, China held $805.4 billion in U.S. Treasury securities as of August. This makes them the second biggest holder of U.S. debt, behind Japan.

A spokesperson from the Securities Industry and Financial Markets Association stated that they had no response regarding the assault.

ICBC did not provide any additional information, but according to reports, the attack was carried out by LockBit, a ransomware group primarily composed of Russian speakers that does not focus on countries that were formerly part of the Soviet Union.

According to cybersecurity firm Emsisoft, this ransomware variant is highly efficient and has been active since September 2019, targeting numerous organizations.

It is uncommon for banks to experience successful cyberattacks. The financial sector typically has strong security measures in place, with significant resources dedicated to cybersecurity and separate operations to deter theft.


Fatima Hussein, a reporter for the Treasury, provided this report from Washington, D.C.