Hunters claims to have ransomed ICBC London, stolen 6.6TB

Ransomware gang Hunters International reportedly claims to have stolen more than 5.2 million files belonging to the London branch of the Industrial and Commercial Bank of China (ICBC), a Chinese state-owned bank and financial service corporation, and set a deadline of September 13 to release all the data unless demands are met.

The newish ransomware-as-a-service operation, first spotted last October, allegedly swiped 6.6 TB of the bank’s data after breaking into its network, and threatened to publish all of it unless ICBC pays up.

The Register has not confirmed that the stolen info is legitimate, and ICBC did not immediately respond to our inquiries. We will update this story if and when we hear back.

If the claims turn out to be true, this could be very bad news for customers and their financial data.

Banks are particularly attractive targets for ransomware gangs, and all types of financially motivated criminals, because they are responsible for vast amounts of highly sensitive financial data. This, at least in the extortionists’ minds, makes them more likely to pay steep ransom demands to prevent that info from being publicly exposed, angering customers, and tanking the bank’s reputation — and possibly revenue.

ICBC is the world’s largest bank by assets, boasting $6.3 trillion as of mid-2024, with an annual revenue of $113 billion.

Hunters International, despite being relatively new to the ransomware scene, has quickly risen up through the ranks and claimed to have breached more than 134 organizations so far this year. These victims span the globe, with the notable exception of Russia. 

This is not uncommon for cybercriminals, which often operate out of that country and, in general, are given safe harbor — or even outright rescued from foreign custody — so long as they don’t target Russian organizations for their financial scams and extortion attempts. ®