It appears the financial world can breathe a sigh of relief, as LockBit’s threat to leak 33 TB of stolen data from the US Federal Reserve looks to be a publicity stunt. Security researchers have found that the posted data samples all appear to come from one US bank, which admitted that it recently experienced a data breach.
Once on top of the ransomware and data extortion world, LockBit is struggling to restore its reputation and attract clients after being hobbled by a law enforcement action earlier this year. The identity of its leader was outed, and the group has been observed posting more and more fake or recycled data on its leak site since it had assets seized in February.
Stolen data came from Evolve Bank, not US Federal Reserve
What LockBit was threatening was essentially an apocalypse for the US banking system, something that could potentially even throw the world economy into turmoil. Instead, the group appears to have merely penetrated a relatively minor fintech service that has been in trouble with the US Federal Reserve for compliance issues of late.
Evolve is backed by a real-world bank with retail locations in Arkansas and Tennessee, but offers fully online fintech services (via assorted partners) throughout the country. The stolen data is most likely new and will be problematic for its customers, but nowhere near the haul of US Federal Reserve “secrets” that LockBit promised.
Though it’s not clear if there is a direct relationship, Evolve has also been dealing with a US Federal Reserve Board cease-and-desist order that requires it to make major changes to its operation by August and that forbids it from entering into any new relationships with fintech providers without review and permission. That order is focused on its risk management, consumer compliance, and anti-money laundering programs, all of which were found deficient and “unsafe” according to authorities.
LockBit still a major threat despite signs of collapse
Without juicy US Federal Reserve data on offer, this appears to be a more run-of-the-mill breach, albeit one that does look to contain sensitive financial information. The silver lining is that such an audacious lie points to LockBit being on the ropes, though it is not safe to relax just yet as the group continued to rack up legitimate victims in May (as many as 150) despite its apparent struggles. The group also appears to be more focused than ever on finance and critical infrastructure targets, going for the most lucrative possibilities it can find without care for real-world damage.
Compounding the group’s problems is the May indictment of frontman “LockBitSupp,” now known to the world as 31-year-old Dmitry Yuryevich Khoroshev of Russia. The US has offered $10 million in reward money for information leading to his capture.
The US Federal Reserve has made no statement on the whole incident, and it remains unclear if LockBit was ever actually in negotiations over the stolen data. The group kept eyes on the story by claiming that an inept federal negotiator had offered a $50,000 payment.