Every day, we hear about ransomware attacks across Hong Kong, China, and the rest of the world, just as the recent Microsoft cloud service outages hit Hong Kong Airport operations last Friday, 19 July. The issue has become even more critical for every business today. This article discusses some of China’s biggest recent ransomware attacks and the key takeaways for raising cybersecurity awareness.
Ransomware Attack on 100,000 Computers in China
In early December, around 100,000 computers in China were infected with poorly written ransomware. This ransomware encrypted user data and included an information-stealing component that harvested login credentials for several Chinese online services. The attacker demanded a ransom of 110 Yuan ($16), payable via WeChat. This has been China’s biggest ransomware attack in history.
Impact and Response
On December 4th, Huorong Security, a company specializing in anti-virus software and network security solutions, reported the attack. Huorong identified that the malicious code not only locked the computers but also stole user credentials from popular online platforms such as Tmall, Aliwangwang, Alipay, 163 Mailbox, Baidu Cloud, Jingdong, and QQ. Despite affecting tens of thousands of users, the infection was limited to devices in China, and the encryption techniques used were very basic.
Following the initial reports, WeChat deactivated the QR code used by the hacker to accept ransom payments. Authorities advised users of several services, including Alipay, Baidu Yun, Netease 163, Tencent QQ, Taobao, Tmall, and Jingdong, to change their passwords as a precaution.
On December 5th, authorities tracked down and arrested a 22-year-old man named Luo Moumou, who admitted his role in the attack. This incident was labeled “China’s biggest ransomware attack in history.”
ICBC Ransomware Attack
The U.S. arm of the Industrial and Commercial Bank of China (ICBC), China’s largest commercial lender, was hit by a ransomware attack that disrupted trades in the U.S. Treasury market. This attack is part of a larger trend of increasing ransomware incidents targeting major institutions.
Impact and Response
ICBC Financial Services, the U.S. unit of the bank, reported that the attack disrupted some of its systems. The Chinese foreign ministry stated that ICBC was working to minimize risk impact and losses. The bank’s head office and other branches worldwide continued normal operations.
In such attacks, hackers typically lock up systems and demand a ransom for unlocking them, often stealing sensitive data for extortion as well. Experts believe the aggressive cybercrime gang named LockBit was behind this attack. LockBit did not confirm this, but it has a history of not naming victims when negotiating with them.
Market Implications
The attack disrupted some trades, impacting market liquidity. However, ICBC successfully cleared Treasury trades executed the day before and repo financing trades on the day of the attack. While the impact on the market was limited, it highlighted the vulnerability of large organizations to such cyber threats.
Key Takeaways
These attacks, among China’s biggest ransomware incidents, highlight the need for strong cybersecurity measures. The Ministry of Industry and Information Technology (MIIT) recently announced a new “Cybersecurity Plan for Industrial Network” to address these cyber attacks within the nation. Beyond that, we also need to pay attention to this issue and spread awareness. Steps we can take ourselves include regularly updating systems, using strong passwords with Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA), having an effective incident response plan, and educating employees on best practices. Additionally, maintaining daily or weekly backup and recovery plans is essential to minimize the impact of attacks and protect sensitive data. For more information and the best cybersecurity solutions, contact us for a free consultation.