
Hacking group that boasted about breaching the Federal Reserve actually didn’t

It turns out a much less significant bank was allegedly hacked.


Mikael Thalen


Cybersecurity experts were proven correct on Tuesday after a hacking group’s alleged breach of the Federal Reserve turned out to be nothing more than hype.

On Monday, the ransomware organization known as LockBit claimed it had pilfered “33 terabytes” of “Americans’ banking secrets” in a post to their site on the dark web.

LockBit published a countdown timer and warned that it would leak the data on Tuesday if the bank did not agree to pay an undisclosed ransom.

Cybersecurity experts speaking to the Daily Dot on Monday, however, expressed skepticism that such a large-scale hack had taken place.

“LockBit’s claim is likely complete and utter bollo… erm, nonsense, and a tactic designed to get its ailing RaaS [Ransomware-as-a-Service] back into the limelight,” said Brett Callow, a threat analyst at the cybersecurity firm Emsisoft.

The malware hosting service vx-underground likewise pushed back on LockBit’s claims and noted on Tuesday, when the data was finally published, that it had not come from the Federal Reserve.

“Today Lockbit ransomware groups ‘timer’ on the ‘Federal Reserve’ hit zero. They did not ransom the Federal Reserve as we expected – they ransomed Evolve Bank & Trust,” vx-underground wrote. “We also assume the data is not critical because the facility is still operational.”

As it turns out, according to security researchers at Zscaler ThreatLabz, the only mention of the Federal Reserve came in the form of a press release from June.

“Lockbit has just released data that is allegedly from the Federal Reserve… except this data appears to be from a bank that was recently penalized by the Federal Reserve for ‘deficiencies in the bank’s anti-money laundering, risk management, and consumer compliance programs,’” the researchers said.

The Daily Dot was unable to examine the leaked data due to continuous technical issues with LockBit’s hosting site, which have caused it to repeatedly go offline.

The website for Evolve Bank & Trust was operating as normal as of early Wednesday morning.

LockBit’s apparent bluff comes just weeks after the U.K.’s National Crime Agency (NCA) revealed the alleged identity of the gang’s leader, Russian national Dmitry Khoroshev.

Prior to that in February, much of LockBit’s online infrastructure was shuttered by the NCA, Justice Department, Federal Bureau of Investigation (FBI), and other international law enforcement partners.

Nevertheless, LockBit remains operational, although it’s still unclear whether the group will be able to regain its previous status in the world of ransomware.


The Daily Dot