Mon | Jun 24, 2024 | 3:05 PM PDT

The notorious LockBit ransomware group has made a startling claim: they  allegedly breached the systems of the U.S. Federal Reserve, exfiltrating 33 terabytes of sensitive data including "Americans' banking secrets." The group threatened to leak the stolen data on June 25, 2024, if their demands were unmet.

LockBit's announcement, posted on their dark web leak site, stated: "33 terabytes of juicy banking information containing Americans' banking secrets. You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans' bank secrecy at $50,000."

However, cybersecurity experts are approaching these claims with caution. Agnidipta Sarkar, Vice President, CISO Advisory, at ColorTokens, commented:

"The LockBit RaaS [ransomware-as-a-service] and its affiliates have been linked to numerous high-profile data breaches, including those at Boeing and ICBC Bank. However, not all of its claims have been verified. Despite having its infrastructure seized and its alleged leader, Dmitry Yuryevich Khoroshev, exposed by law enforcement authorities, the group seems to have continued its activities. We will need to wait for further updates on this matter."

[RELATED: Russian Hacker Indicted as Mastermind Behind LockBit Ransomware]

Sarkar added that if the breach is confirmed, "regulators will need to intervene to ensure that businesses are breach-ready, and banks will need to prioritize foundational cybersecurity by isolating critical operations from other systems."

Ken Dunham, Cyber Threat Director at Qualys Threat Research Unit, highlighted the complexities of dealing with ransomware groups, saying:

"Lockbit is a leading ransomware threat that uses double extortion, encryption, and the threat of releasing stolen data, to pressure users into a forced ransomware payout. Negotiations with criminal actors is complicated with a lack of trust, where even if a payout is made, recovery is not guaranteed and adversaries may continue to attempt exploitation or sell data to others on the dark web."

The incident has also raised questions about ransomware negotiation strategies. John Bambenek, President at Bambenek Consulting, noted:

"It's pretty rare for a ransomware group, like LockBit, to publicly dunk on a ransomware negotiator. That being said, assuming the Federal Reserve did offer to pay a ransom, it demonstrates that even the U.S. Government doesn't really believe that 'never paying ransoms' is really the solution to ransomware."

As of now, the Federal Reserve has not confirmed the breach. Cybersecurity experts emphasize the need for caution in interpreting such claims, especially given the lack of published data samples to substantiate the alleged breach.

This claim comes on the heels of a recent announcement by the FBI that it had obtained more than 7,000 LockBit decryption keys, potentially allowing some victims to recover their data without paying ransoms.

As this situation develops, it underscores the ongoing challenges in cybersecurity, particularly for critical financial institutions. Experts advise waiting for official statements from the Federal Reserve or relevant government agencies before drawing conclusions about the alleged breach.

Follow SecureWorld News for more stories related to cybersecurity.

Comments