LockBit Popped US Federal Reserve? Not So Fast...


June 25, 2024

World map

The Lockbit ransomware gang announced that it has breached the U.S. Federal Reserve and exfiltrated 33 TB of sensitive data touted as “Americans’ banking secrets,” but the group hasn’t published any proof of the attack or a sample of the allegedly stolen data.

“Many experts are skeptical about the criminal group’s announcement. The Federal Reserve is a high-profile target, and a data breach could have serious repercussions. Many believe that the group’s announcement is just for attention,” Security Affairs reports.

Takeaway: Until LockBit or the Fed provide actual proof of the compromise, it is simply speculation at this point.  

Ransomware operators are basically scumbags with zero integrity, so we would caution against relying on them as a single source of information on any potential attack.

This is especially true of LockBit, as they are struggling to maintain relevance in the wake of LEO actions that crippled their infrastructure and resulted in the authorities recovering somewhere in the neighborhood of 7k encryption keys.  

At this point, it is just as or even more likely that LockBit is blowing smoke to bolster its reputation with affiliate attackers than having actually carried out a successful attack against the Fed, but then again we have seen some very big targets get popped by ransomware operators in recent months, so it is not entirely out of the realm of possibilities.  

But there are plenty of examples of RaaS groups falsely posting organizations on their leaks sites who were not compromised as a means of getting the alleged victim organization to pay a ransom, and it is more than obvious that the news cycle moves faster than DFIR, so it's best everyone refrain from further speculation until there is some concrete evidence of an attack available.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.