Shweta Sharma
Senior Writer

Did hackers steal 33TB of data from the Federal Reserve?

News
Jun 25, 2024, 4 mins
Data Breach, Hacker Groups

The central banking system is allegedly negotiating with the ransomware gang LockBit to restore 33 terabytes of confidential banking data.

Federal Reserve Board
Credit: Magdalena Petrova

The infamous ransomware gang LockBit has added the Federal Reserve to the list of victims on its leak site, claiming it has in its possession 33 terabytes of sensitive US banking data.

In the post on the leak site, LockBit said that the authorities have until June 25 to pay an undisclosed amount, failing which the hackers will presumably make the leaked data public. The development comes months into the group’s revival from a full disruption it suffered as a result of a law enforcement takedown in February.

Biggest hack, if confirmed

If confirmed, the Federal Reserve breach would be one of the biggest banking hacks in US history. Being the central banking system of the country, the Federal Reserve operates 12 banking districts in major cities such as Boston, New York, Dallas, Chicago, and San Francisco.

Although the Federal Reserve has yet to issue a statement on the claim, LockBit hinted at a negotiation that is apparently underway between the parties. “You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000,” the LockBit post said, adding that the hack contains “33 terabytes of juicy banking information containing Americans’ banking secrets.”

“It’s pretty rare for a ransomware group, like LockBit, to publicly dunk on a ransomware negotiator,” said John Bambenek, president of Bambenek Consulting, a cybersecurity consulting firm.

If the claim that LockBit has stolen 33 terabytes of confidential data is true, a significant amount of financial and personal information would be at risk of exposure. Additionally, the data may contain confidential details of federal operations within or outside the US border, posing a nation-state threat at the hands of foreign buyers.

Email sent to the Federal Reserve’s media team for comments on the claim did not elicit a response by the time of publishing this article.

Fake claim possible?

“The LockBit RaaS and its affiliates have been linked to numerous high-profile data breaches, including those at Boeing and ICBC Bank. However, not all of its claims have been verified,” Agnidipta Sarkar, vice president of CISO Advisory at ColorTokens, said.

LockBit has, at least twice in the past, made fake claims about breaching federal bodies, purporting to have acquired sensitive federal data on both counts.

In February, the notorious hacker group listed a Fulton County data breach that allegedly involved sensitive information, including case files from an ongoing prosecution of former US president Donald Trump. Interestingly, the group’s operations were disrupted in a coordinated law enforcement seizure hours before the ransom deadline set for the county. The group’s leader, LockBitSup, later said the takedown had been timed to stop the leak.

Days after the takedown, LockBit relisted the Fulton County data on a new .onion address, claiming that law enforcement couldn’t restore the stolen data in its operation. This, however, turned out to be a hoax, as no further changes were made to the listing before it was eventually removed.

The second hoax post came from the same incident: on the site it revived after the takedown, LockBit claimed to have hacked the FBI and to possess sensitive agency data. No proof of such a breach was ever produced publicly or confirmed by authorities.

The group has established a formidable reputation, particularly following the decline of the Conti ransomware group. Among LockBit’s most significant attacks are CNA Financial, which resulted in a $40-million payout; ISBC, which paid an undisclosed amount; Accenture, which faced a $50-million ransom demand; and Royal Mail, with an $80-million ransom demand. Other notable victims with unclear ransom demands include Bangkok Airways, the Ministry of Justice in France, Essendant, and the Port of Lisbon. Despite a few false claims, the group’s impact on these high-profile targets underscores its operational capacity and threat level.
