The Federal Reserve, the central banking system of the United States, is reportedly in negotiations with the ransomware gang LockBit following an alleged breach involving 33 terabytes of sensitive banking data.
LockBit, notorious for its high-profile cyberattacks, listed the Federal Reserve on its leak site, demanding an undisclosed ransom by June 25 to prevent the data from being made public. This claim, if confirmed, marks one of the largest banking hacks in U.S. history. The Federal Reserve, which oversees 12 banking districts in major cities like New York and San Francisco, has yet to release a statement on the matter.
Potential impact and negotiations
The breach’s potential impact is significant, risking exposure of vast amounts of financial and personal information. LockBit’s post hinted at ongoing negotiations, with the gang criticizing the Federal Reserve’s current negotiator for undervaluing the data at $50,000. The hackers described the stolen data as containing “juicy banking information” and Americans’ banking secrets.
John Bambenek, president of Bambenek Consulting, commented on the unusual public criticism from LockBit, highlighting the group’s tendency to pressure targets through public statements.
History of false claims
While the threat is serious, LockBit has a history of making unverified claims. Agnidipta Sarkar, vice president of CISO Advisory at ColorTokens, noted that LockBit has previously claimed breaches that were not substantiated, including supposed hacks of federal bodies.
Earlier this year, LockBit alleged a breach involving Fulton County’s sensitive data and another claiming to possess FBI data, both of which were unverified and eventually dismissed as hoaxes.
LockBit’s reputation and threat level
Despite occasional false claims, LockBit remains a formidable ransomware group, especially following the decline of the Conti group. Among its significant attacks are CNA Financial, which paid $40 million, and Royal Mail, facing an $80-million ransom demand. Other notable targets include Boeing, ICBC Bank, Accenture, and the Ministry of Justice in France, underscoring LockBit’s operational capacity and threat level.
As the deadline approaches, the Federal Reserve’s next steps and the authenticity of LockBit’s claims will be crucial in determining the full impact of this alleged breach.
–