Pierluigi Paganini June 27, 2024

The LockBit ransomware group seems to have lied when they announced the hack of the US Federal Reserve. The real victim is the Evolve Bank.

The LockBit ransomware group hasn’t hacked the Federal Reserve as it has recently claimed, the real victim is the Evolve Bank.

Last week, the LockBit gang announced that it had breached the systems of the Federal Reserve of the United States and exfiltrated 33 TB of sensitive data, including “Americans’ banking secrets.”

The Lockbit ransomware group added the Federal Reserve to the list of victims on its Tor data leak site and threatened to leak the stolen data on 25 June, 2024 20:27:10 UTC.

The group hasn’t published any sample of the stolen data.

“Federal banking is the term for the way the Federal Reserve of the United States distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco.” reads the announcement published by the group on its leak site.

“33 terabytes of juicy banking information containing Americans’ banking secrets.
You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000.”

Despite the announcement, data leaked data from the group belongs to the Arkansas-based financial organization Evolve Bank & Trust.

The analysis of the data leaked by the group on its Tor leak site on June 26 confirmed the documents belong to the Evolve Bank & Trust.

Evolve Bank & Trust this week published a notice on its website to confirm the security breach and announced it has launched an investigation into the incident. The financial organization confirmed that certain personal information may have been compromised.

“Evolve Bank & Trust is making retail bank customers and financial technology partners’ customers (end users) aware of a cybersecurity incident that may involve certain personal information, as well as the actions we have taken in response, and additional steps individuals may take.” reads the notice of Cybersecurity Incident. “Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and released on the dark web the data and personal information of some Evolve retail bank customers and financial technology partners’ customers (end users). We take this matter extremely seriously and are working diligently to address the situation.”

Evolve has reported the incident to law enforcement, it also added that the incident has been completely contained.

An update published on June 26, 2024 12:00pm confirmed that the company’s retail banking customers’ debit cards, online, and digital banking credentials do not appear to be impacted.

Evolve will directly contact impacted customers and financial technology partners.

“It appears these bad actors have released illegally obtained data, including Personal Identification Information (PII), on the dark web. The data varies by individual but may include your name, Social Security Number, date of birth, account information and/or other personal information.” continues the report.

Several media reported that the Federal Reserve had penalized Evolve Bank & Trust over multiple “deficiencies” identified in how the bank conducted risk management, anti-money laundering (AML), and compliance practices.

Several media outlets reported [1, 2, 3] that the Federal Reserve penalized Evolve Bank & Trust for various “deficiencies” in the bank’s risk management, anti-money laundering (AML) and compliance practices.

Some experts believe the ransomware gang made an error, but many researchers argue that the announcement is a desperate tentative to gain relevance.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Lockbit)