The LockBit ransomware gang claimed it had breached the U.S. Federal Reserve, but it ultimately leaked data belonging to a single bank.
On June 23, LockBit listed the U.S. Federal Reserve on its data leak site and claimed to have obtained roughly 33 TB of stolen data.
The gang also published a countdown on its leak site with a deadline of June 25, at which point LockBit would publish the stolen data.
When the timer ran out, researchers analyzed the data that was published and found that it belonged to a single organization: Evolve Bank & Trust, a banking company based in Arkansas.
In a statement shared with TechTarget Editorial, Evolve confirmed that it was investigating a cybersecurity incident, but did not specifically name LockBit.
It did confirm that stolen data was published on the dark web, effectively confirming LockBit's claims.
Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization.
It appears these bad actors have released illegally obtained data, on the dark web.
Evolve has engaged the appropriate law enforcement authorities to aid in our investigation and response efforts.
In response to this event, we will offer all impacted customers complimentary credit monitoring with identity theft protection services.
Impacted customers will receive new account numbers if warranted.
LockBit is a notorious and prolific ransomware-as-a-service gang, one that has had a tumultuous recent history.
Law enforcement also obtained approximately 1,000 decryption keys and commandeered LockBit's prior data leak site domains to publish press releases, decryption keys, back-end leaks, the identity of LockBit's administrator and more.
It is in large part due to these efforts that LockBit's comeback has been unsuccessful, according to cybersecurity experts.
In recent weeks following Operation Cronos, LockBit has made exaggerated or unverified claims about attacking high-profile targets.
While ransomware gangs and other cybercriminals often overstate or outright lie about their exploits, LockBit's initial claim about breaching the U.S. Federal Reserve received significant attention from media outlets and infosec professionals.
Asked why he thought LockBit would lie in this case, Shobhit Gautam, security solutions architect at HackerOne, told TechTarget Editorial in an email that LockBit 3.0 could be trying to rebuild its reputation after the disruption earlier this year.
LockBit's Federal Reserve claim is the latest example of threat actors muddying the waters with exaggerated or false claims.
Hudson Rock's blog post was taken down shortly following its publication.
Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.
This Cyber News was published on www.techtarget.com. Publication date: Wed, 26 Jun 2024 23:13:05 +0000