Last weekend, notorious ransomware gang LockBit listed the U.S. Federal Reserve to its data leak site. They claimed to have stolen 33 TBs of “juicy banking information containing Americans’ banking secrets.” The group set a date of June 25th when they would release the data if a ransom of reportedly $50,000 was not met.

Below you can see a screenshot of the post on LockBit’s data leak site.

What We Know So Far

After the post was made, there was a lot of speculation. Because LockBit did not provide any evidence that they had actually breached the Federal Reserve systems, most took LockBit’s claims with caution.

On June 25th, LockBit released 21 separate links containing files of what appears to be parent directories, torrents, and compressed archive files.

An analysis of the data revealed that it likely came from not the Federal Reserve but another financial institution, Evolve Bank and Trust. Evolve Bank and Trust is a Memphis, TN based consumer banking-as-a-service and mortgage lender that serve individuals and businesses in at least 17 states across the nation. They listed assets of $1.3 billion in 2022.

On June 26th, Evolve confirmed via its website that it was investigating a “cybersecurity incident.” The company confirmed that “customers’ debit cards, online, and digital banking credentials were not impacted by the cybersecurity incident.” The company’ reiterates that the credentials remain secure, and no action is necessary for customers.

In an aside, Evolve was recently singled out by the Federal Reserve for engaging in unsafe and unsound banking practices.

The Reserve said in a 2023 release, “Evolve did not maintain an effective risk management program or controls sufficient to comply with anti-money laundering laws and laws protecting consumers.”

Defender Recommendations

This is an ongoing story, and Ag Defender will continue to monitor it. In the meantime, if you are a customer of Evolve, it would be prudent to at least change the password on your account and ensure you are using multifactor authentication (MFA) if it is applicable.

Also, keep a closer eye on the account to ensure no fraud is occurring.

While LockBit may still have data that actually came from the Federal Reserve, their is no indication currently that that is the case. All current evidence points to a LockBit bluff, which would not be the first time. However, this could change. We will continue to monitor this incident.