Notorious ransomware gang LockBit has claimed a cyber attack on the US Federal Reserve
LockBit listed the US central banking system on its site on 23 June, claiming to have exfiltrated 33 terabytes of “juicy banking information containing American’s banking secrets”.
“Federal banking is the term for the way the Federal Reserve of the United States distributes its money,” LockBit said.
“The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts.
“The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco.”
LockBit has set a deadline for the release of the alleged Federal Reserve data for 20:27:10 UTC on 25 June 2024.
It also implies that ransom negotiations with the Federal Reserve have begun and that it is unhappy with the ransom offers made so far.
“You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000,” LockBit said.
At this stage, the validity of the breach is unverified, but if real, it would arguably be the largest cyber attack on a financial institution of all time, and the repercussions could be dire.
That being said, multiple researchers have said the incident is likely just a grab for attention.
LockBit posts the US Federal Reserve? Someone is mad. @federalreserve pic.twitter.com/oqXwTVKHJe
— Dominic Alvieri (@AlvieriD) June 23, 2024
At the time of writing, the US Federal Reserve has not publicly acknowledged the claims.
The Federal Reserve incident is just one of many cyber attacks by LockBit in recent months, just as the group recovered from a global takedown operation.
Operation Cronos first came to light in February when the FBI, alongside global law enforcement agencies from the UK, Germany, Canada, and Australia, seized the group’s dark web leak site.
“This site is now under the control of The National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos’,” the site now says.
“We can confirm that LockBit’s services have been disrupted as a result of international law enforcement action – this is an ongoing and developing operation.”
Following this, law enforcement gave the group a taste of its own medicine, leaking the threat group’s source code and some internal information on its own leak site while releasing decryption keys to victims.
Despite this, LockBit was back up and running later that month and returned with a vengeance, listing major organisations like London Drugs and OracleCMS. The latter led to breaches at organisations and agencies using OracleCMS, such as Nissan Oceania, a number of Australian councils and more.
LockBit leader Dmitry Khoroshev was sanctioned by the US, the UK, and Australia, and he began offering up his competitors in the hopes of a softened blow from the FBI.
“Khoroshev then tried to get us to go easy on him by turning on his competitors, naming other ransomware-as-a-service operators,” FBI cyber division assistant director Bryan Vorndran said during a keynote at the 2024 Boston Conference on Cyber Security.
“So, it really is like dealing with organised crime gangs, where the boss rolls over and asks for leniency.
“We will not go easy on him.”
The FBI also discovered that LockBit and its affiliates kept stolen data after being paid ransom by their victims, despite telling them they had deleted it.
Vorndran also said that the FBI has secured over 7,000 LockBit decryption keys and has invited affected organisations to reach out.
“We now have over 7,000 decryption keys and can help victims reclaim their data and get back online,” said Vorndran earlier this month.
“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov.”
Update 25/06/2024 - Principal Security Consultant within the Synopsys Software Integrity Group, Thomas Richards, has echoed beliefs that the attack may not be real, citing differences in the listing compared with previous LockBit claims.
"In the past when this hacker group has claimed to have information, they have provided at least a sample to prove they have the data. With no actual information provided, and no confirmation from the Federal Reserve of the US Government, the claims might not be accurate," he said.
"If they were able to breach the FRB and gain access to such sensitive information, the release could be damaging to our financial system."