LockBit 3.0, a Russian ransomware group, reportedly claimed it had breached the U.S. Federal Reserve and allegedly held approximately 33 terabytes of stolen data.

According to reports, the hacking organization provided a deadline of June 25, 2024, or else they would publish’ Americans’ banking secrets.’

“US Federal Reserve has been listed as a victim by the LockBit 3.0 ransomware group. The hackers allegedly exfiltrated 33 TB of banking information. Ransom deadline: 25th Jun 24,” HackManac wrote.

Image

However, the alleged threats didn’t come to fruition.

“The first link for downloading the files redirects to a press release of the Federal Reserve Board,” HackManac stated.

“The other links lead directly to the download of the published files,” the page continued.

“It appears that the exfiltrated terabytes come from the American bank Evolve Bank,” it added.

UPI reports:

While the Federal Reserve has not confirmed the hack, a number of cybersecurity experts are discounting LockBit’s claims, saying there are no published samples of the stolen data.

“No proof so prolly just blowing off steam,” said security researcher Dominic Alvieri.

“LockBit’s claim is likely complete and utter bollo … erm, nonsense, and a tactic designed to get its ailing RaaS (Ransomware-as-a-Service) back into the limelight,” Brett Callow, threat analyst at the cybersecurity firm Emisisoft, told the Daily Dot.

LockBit has conducted numerous high-profile ransomware attacks on companies, banks and government departments around the world since 2019, including the U.S. Department of Justice, the Port of Nagoya in Japan, British Royal Mail, Fulton County in Georgia and Boeing.

“To summarize briefly, here’s what’s in the LockBit leak in the claimed attack on the US Federal Reserve: They have apparently breached the American bank Evolve Bank & Trust. For now, there is still no trace of ‘secret’ files, but the analysis is ongoing,” HackManac wrote.

“However, there is an interesting article about Evolve Bank from June 18th stating that the US Federal Reserve Board has issued a cease and desist order against Evolve Bancorp and its subsidiary, Evolve Bank & Trust, for deficiencies in risk management and AML compliance,” it noted.

“Evolve Bank & Trust confirmed that it was affected by a cybersecurity-related incident, but has not yet said whether the LockBit ransomware gang was responsible,” TechTarget stated.

Per TechTarget:

The LockBit ransomware gang claimed it had breached the U.S. Federal Reserve, but it ultimately leaked data belonging to a single bank.

On June 23, LockBit listed the U.S. Federal Reserve on its data leak site and claimed to have obtained roughly 33 TB of stolen data. The gang also published a countdown on its leak site with a deadline of June 25, at which point LockBit would publish the stolen data. When the timer ran out, researchers analyzed the data that was published and found that it belonged to a single organization: Evolve Bank & Trust, a banking company based in Arkansas.

In a statement shared with TechTarget Editorial, Evolve confirmed that it was investigating a cybersecurity incident, but did not specifically name LockBit. However, it did confirm that stolen data was published on the dark web, effectively confirming LockBit’s claims.

Evolve provided the following statement to TechTarget Editorial:

Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization. It appears these bad actors have released illegally obtained data, on the dark web. We take this matter extremely seriously and are working tirelessly to address the situation. Evolve has engaged the appropriate law enforcement authorities to aid in our investigation and response efforts. This incident has been contained, and there is no ongoing threat.

In response to this event, we will offer all impacted customers (end users) complimentary credit monitoring with identity theft protection services. Those affected will be contacted directly with instructions on how to enroll in these protective measures. Additionally, impacted customers will receive new account numbers if warranted. Updates and further information will be posted on our website as they become available.

 

Join The Conversation. Leave a Comment.


We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the ∨ icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.