LockBit hackers lied — they didn't hit the US Federal Reserve after all

Ransomware attack on a computer
(Image credit: Kaspersky)

The researchers were right - the LockBit ransomware gang didn’t break into the US Federal Reserve, as it so boldly claimed earlier this week. 

Instead, the “juicy” banking information it leaked on its website recently belongs to a different, commercial bank.

It doesn’t change the fact that people’s sensitive information is being exposed, but it does tell plenty of the state of LockBit after the Cronos operation.

Desperate bid for relevance

LockBit had made a bold claim, stating it obtained an archive containing 33 terabytes of information from the Fed, including “Americans’ banking secrets”.

“You better hire another negotiator within 48 hours and fire this clinic idiot who values Americans’ bank secrecy at $50,000,'' the post on the data leak site continued, suggesting that the negotiation was underway, and that the group was offered $50,000 in exchange for the data.

The Fed did not comment at the time, but multiple security researchers expressed their suspicions. Some stated LockBit gave no proof of its claims, while others called the entire thing a desperate post-Cronos bid for attention. They seem to be right. 

In an X post picked up by BleepingComputer, cyber-threat monitoring company HackManac said the initial investigation into the files, which leaked in the meantime, showed they came from Evolve Bank & Trust. "For now, there is still no trace of 'secret' files, but the analysis is ongoing."

Following the announcement, Evolve Bank & Trust confirmed the news with the publication, stating “it appears these bad actors have released illegally obtained data, on the dark web." 

The bank has, since then, did the usual - notified affected people and the law enforcement, contained the threat, and offered complimentary credit monitoring and identity theft protection services. 

How the cybercriminal community responds to the news, remains to be seen. For now, security researchers are being fairly vocal, with some calling the move a “desperate bid for relevance.” 

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.