The criminal ransomware gang behind the recent attack on the Industrial & Commercial Bank of China Ltd has claimed responsibility for two more hacks on US financial firms.

The Lockbit gang added the Chicago Trading Company and Alphadyne Asset Management this week to a list of victims on its darkweb page. The gang has given them deadlines to make an unspecified payment, and is threatening to publish stolen data online if its demands aren’t met.

A representative for Alphadyne, a New York-based investment firm whose clients include pension funds and insurers, declined to comment. Alphadyne is conducting business as usual, said a person familiar with the situation who wasn’t authorised to speak publicly.

The attack on CTC, a proprietary trading firm, was carried out at the end of October, said another person, who also asked for anonymity to discuss the matter. It wasn’t immediately clear if that attack had any direct link to the hack last week on ICBC, which left the world’s largest lender unable to clear US Treasury trades.

CTC is investigating with help from law enforcement, and it’s reviewing and bolstering its security, according to a company representative. Operations are secure and trading wasn’t affected, the spokesperson said. “There was never any ransomware,” the representative said.

Russian connection

Lockbit has become the world’s most prolific ransomware group in the last year, and has attacked a number of high-profile victims, including the UK’s Royal Mail, the financial software firm ION Group, and Boeing Co. Since 2020, the gang has carried out more than 1,700 attacks and extorted US$91mil (RM424.56mil), according to the US Cybersecurity and Infrastructure Security Agency.

The gang is known to steal internal data and encrypt its victims’ computers, making them unusable. It then demands payment in exchange for unlocking the computers and not publishing the stolen data. In some instances, the group leaves out the computers and just seeks to extort money by threatening to reveal the stolen data.

Lockbit’s Russian-speaking leaders tap into a network of hackers who carry out attacks using Lockbit’s malicious software and infrastructure. They then split the proceeds, according to cybersecurity experts.

CTC was founded in 1995. With offices that include Chicago, London and New York, the firm actively trades in equities, interest rates and commodities.

Alphadyne was started in 2005 by Khuong-Huu and Bart Broadman, who were colleagues at JPMorgan Chase & Co. With offices in cities that include New York, London, Hong Kong and Tokyo, the company is active in markets such as fixed income, equities, credit and commodities. Its investors include pensions, insurance companies and sovereign wealth funds, according to its website. – Bloomberg