In recent cybersecurity news, the notorious LockBit 3.0 ransomware group has made headlines by claiming to have breached the Federal Reserve. Over the last 24 hours, LockBit released files purportedly containing sensitive data from the Fed, stirring significant speculation and concern within the cybersecurity community.
LockBit's bold claims have drawn attention, prompting cybersecurity experts and media outlets to examine the veracity of the released information. According to an article from CyberNews.com and my own investigation into the dark web leak site, LockBit did indeed publish data they allege is from the Federal Reserve. However, discrepancies quickly emerged, suggesting the data may actually belong to Evolve Bank & Trust, a financial technology partner recently hit by a significant ransomware attack.
This confusion stems from reports by both media and security researchers, all pointing to Evolve Bank & Trust as the likely source of the leaked data. The situation is unusual, primarily because such attacks seldom involve misattribution of this magnitude, especially when implicating a major institution like the Federal Reserve.
Evolve Bank & Trust has faced scrutiny from the Federal Reserve for its security and compliance practices. It appears that the ransomware attack on Evolve provided LockBit with access to communications between the bank and the Fed. LockBit might have seen an opportunity to leverage these documents to create the illusion of a direct attack on the Federal Reserve.
While some security researchers argue this incident mirrors previous tactics used by LockBit, such as their false claims of breaching cybersecurity firm Mandiant, I believe there are notable differences. In the Mandiant case, LockBit's actions were tied to distancing themselves from the sanctioned ransomware group REvil. By contrast, the current scenario involving the Fed appears less calculated and more opportunistic.
The data released by LockBit, which includes information related to Evolve Bank & Trust, highlights a significant vulnerability within the bank rather than the Federal Reserve. LockBit's apparent strategy to associate this data with the Fed may be a desperate attempt to increase their leverage and demand higher ransoms.
Interestingly, LockBit's negotiation tactics have also come under scrutiny. They criticized Evolve's ransomware negotiator, demanding a new negotiator be hired and ridiculing the initial offer of $50,000 to resolve the attack. This public display of frustration suggests LockBit may not be getting the desired response, potentially prompting them to escalate their claims by implicating the Fed.
Despite the skepticism surrounding LockBit's assertions, it's crucial to consider the broader implications. Even if LockBit's primary target was Evolve Bank & Trust, their attempt to involve the Federal Reserve could have serious repercussions, attracting greater law enforcement attention and escalating the severity of their actions.
The situation remains fluid, with further developments likely in the coming days. As the investigation continues, it will become clearer whether LockBit possesses genuine Federal Reserve data or if this is merely a tactic to amplify their impact and ransom demands. For now, cybersecurity professionals and businesses should remain vigilant, monitor the unfolding events, and stay informed about potential threats and vulnerabilities exposed by this incident.