As Experts Suspected, LockBit Didn’t Hack The Federal Reserve
Cybersecurity experts were proven correct on Tuesday after a hacking group’s alleged breach of the Federal Reserve turned out to be nothing more than hype.
On Monday, the ransomware organization known as LockBit claimed it had pilfered “33 terabytes” of “Americans’ banking secrets” in a post to their site on the dark web.
LockBit published a countdown timer and warned that it would leak the data on Tuesday if the bank did not agree to pay an undisclosed ransom.
Cybersecurity experts speaking to the Daily Dot on Monday, however, expressed skepticism that such a large-scale hack had taken place.
“LockBit’s claim is likely complete and utter bollo… erm, nonsense, and a tactic designed to get its ailing RaaS [Ransomware-as-a-Service) back into the limelight,” said Brett Callow, a threat analyst at the cybersecurity firm Emsisoft.
The malware hosting service vx-undeground likewise pushed back on LockBit’s claims, and noted on Tuesday when the data was finally published that it had not derived from the Federal Reserve.
“Today Lockbit ransomware groups ‘timer’ on the ‘Federal Reserve’ hit zero. They did not ransom the Federal Reserve as we expected – they ransomed Evolve Bank & Trust,” vx-underground wrote. “We also assume the data is not critical because the facility is still operational.”
As it turns out, according to security researchers at Zscaler ThreatLabz, the only mention of the Federal Reserve came in the form of a press release from June.
“Lockbit has just released data that is allegedly from the Federal Reserve… except this data appears to be from a bank that was recently penalized by the Federal Reserve for ‘deficiencies in the bank’s anti-money laundering, risk management, and consumer compliance programs,’” the researchers…
