
Lockbit Ransomware Group Announces Breach of U.S. Federal Reserve

June 24, 2024

The Lockbit 3.0 ransomware group claims to have breached the United States Federal Reserve, exfiltrating about 33 terabytes of potentially sensitive data.

The group claims that the stolen data includes “Americans’ banking secrets,” though they have not yet published any of the stolen data. The Federal Reserve has not confirmed whether an attack occurred or the size of said attack. 

But while the Fed has kept quiet in public, Lockbit claims that they’ve been negotiating in private. In a statement posted to their dark web PR site, the group has issued an ultimatum: The Federal Reserve must hire a new negotiator within 48 hours. The attackers have referred to the current negotiator as a “clinical idiot,” apparently for offering a mere $50,000 for the exfiltrated data.

Some cybersecurity experts question LockBit’s claims. 

While it’s certainly possible that the group has successfully infiltrated a major American institution, such an attack would be questionable from a practical standpoint: The U.S. government does not generally negotiate with extortionists. Additionally, attacking the banking system would bring a tremendous amount of pressure on U.S. authorities to make arrests — and Lockbit is already a major target for law enforcement. 

There’s also the question of the amount of useful data compromised by the alleged attack. 35 terabytes could include personally identifiable information (PII) for thousands of private citizens and banking institutions; it could also be worthless, depending on the structure of the data and security controls used to protect PII. 

Typically, hacking groups will release a sample of stolen data. Without such a sample, Lockbit is basically saying to the cybersecurity community: “We did this, trust us.” 

At Datarecovery.com, we’re skeptical of Lockbit’s claims, pending further proof. The group has been extraordinarily successful in the past, and they do not have a history of making unfounded claims — but there’s always a first, particularly when dealing with ransomware groups.

An attack on the U.S. Fed would be a watershed moment in the fight against ransomware.

The Fed, like many U.S. agencies, is unable to pay ransoms to certain attackers, including those based in Russia (where Lockbit 3.0 is probably based). And while U.S. authorities have strong incentives to keep banking information private, they also have other duties; paying a ransom would arguably compromise national security. 

If Lockbit 3.0’s claims are accurate, the incident could prompt an escalation in the war against malware. Perhaps more importantly, however, it would show that no U.S. institution is outside of the reach of the world’s top hacking groups — and that a proactive approach is necessary to keep data secure. 
