3 min Security

LockBit’s claim of large-scale attack on Federal Reserve turns out to be false

Insight: Security

LockBit’s claim of large-scale attack on Federal Reserve turns out to be false

Update, 28/06, Laura Herijgers—The doubts about the ransomware attack on the Federal Reserve have proven to be legitimate. LockBit was unable to penetrate the American bank’s online environment. LockBit did, however, carry out a ransomware attack on an organization from the financial sector. The victim is Evolve Bank & Trust. It is an American financial organization that offers specialized technology to the industry and operates in Banking-as-a-Service.

Original, 25/05, Erik van Klinken – Ransomware gang LockBit 3.0 appears to be back on the scene, but experts aren’t convinced if it’s back to being fully operational. Having already caused a spike in cyber attacks in March, the criminal group now claims to have obtained 33 terabytes of sensitive data. The alleged victim: the U.S. Federal Reserve.

When LockBit 3.0 was targeted by authorities in February, the group appeared to suffer greatly. The identity of ringleader Dmitry Khoroshev was revealed in May, while it later became clear that the group was losing market share against rival cybercriminals. However, evidence now suggests that LockBit 3.0 has been able to recover, allowing it to once again carry out impactful attacks.

Claim without proof

Now LockBit claims to have exfiltrated 33 TB of sensitive data from the systems of the Federal Reserve, the U.S. central bank. The data allegedly involves banking information containing the “Americans’ banking secrets.” LockBit 3.0 also criticizes the negotiator from the Federal Reserve. This person is said to have been willing to pay $50,000 in ransom, but the cybercriminals imply that’s far too low a sum. As it happens, the average ransomware payment is considerably higher at $2 million, Sophos research recently showed.

Still, some experts question in conversation with SiliconANGLE that LockBit is really back in anger. For example, the gang hasn’t shown any evidence of the compromise on the Federal Reserve. Normally, a cybercriminal organization tends to present a piece of the information it obtained to prove its authenticity. This puts pressure on affected organizations, especially if the data to be leaked contains personal information. After all, the affected individuals will have a strong preference that their data not end up on the street and may apply further pressure on the target organization to pay up.


LockBit 3.0, by the way, has already been hampered in other ways for a while now. A leak of the LockBit builder source code in 2022 allowed other organizations to copy the technology. This has resulted in LockBit’s grip on the cybercrime landscape weakening over time, even though it still claims a hefty share of attacks.

Read more: Cohesity CTO: New vaccines needed for the EU ransomware pandemic