LockBit ransomware gang claims to have hacked US Federal Reserve

The US Federal Reserve Board of Governors – the central banking system of the United States – was named by the notorious LockBit ransomware group over the weekend, though some insiders are calling it rubbish.

The Russian-linked gang posted the Federal Reserve on its dark leak blog on Sunday, claiming to have exfiltrated 33 terabytes of data from the independent US government financial institution.

“LockBit posts the US Federal Reserve? Someone is mad,” threat researcher Dominic Alvieri first posted on X with a screenshot from LockBit’s victim blog.

If true, it would be a huge get for the ransomware cartel, which in 2023 was able to victimize such behemoths as The Boeing Company and the UK’s Royal Mail, as well as carry out the mass zero-day exploitation campaign known as CitrixBleed.

Cybernews reached out to the Federal Reserve Board on Monday, but its spokesperson did not comment.

The Federal Reserve website was also loading without incident on Monday, including its separately run site, FRBServices, which monitors the status of the various functions of the Fed’s network system.

That site showed no disruption to services such as the Central Bank, FedACH, and Fedwire Funds, with a line of green check marks down the board.


A consensus of security insiders on social media believes the claim is more likely a bluff, possibly meant to taunt US law enforcement, which has been methodically closing in on the gang over the past six months.

The most obvious tell, researchers point out, is the absence of stolen data samples, which, more often than not, would be posted alongside the claim to prove its validity.

“Yesterday Lockbit ransomware group claimed to have ransomed the United States Federal Reserve,” the malware collective vx-underground posted Monday on X.

Besides listing “Doubt” as its top reason, vx-underground went on to say, “If Lockbit ransomware group actually ransomed the United States Federal Reserve it would be DEFCON 2 and the administrators would need to worry about a drone strike.”

Meanwhile, LockBit is threatening to publish the Federal Reserve’s alleged stolen cache on Tuesday, June 25th.

“Unless Lockbit ransomware group ransomed something small in the Federal Reserve, like maybe Lockbit took down their coffee machine and they can't watch anime or something (we don't know what the staff at the Federal Reserve actually do),” vx-underground said.

Of note, when Cybernews tried to confirm that the Federal Reserve was still posted on LockBit's dark blog, the gang's multiple onion addresses (also still showing the LockBit logo) were returning a “502 Bad Gateway” error, leading to more speculation.


LockBit continues to evade authorities

The cybercriminal gang, which has been successfully evading law enforcement since its inception in late 2019, suffered a major setback this spring.

An international operation led by the FBI and Interpol infiltrated the gang’s network infrastructure and seized its dark leak site in February.

Since then, the FBI has not only publicly outed its alleged Russian-based leader (LockBit Supp), but also taken possession of nearly 7,000 of the group’s money-making decryption keys, passing them to hundreds of LockBit victims, who are now able to reclaim their encrypted networks.

Yet, even with a major dent in operations, LockBit was quickly back in business within weeks of its seizure, carrying out its signature ransomware attacks in full force, and re-establishing its presence on the dark web.

More recently the group boasted of attacks on Deutsche Telekom and Cannes Hospital in France.

According to the Cybernews Ransomlooker, a ransomware monitoring tool, LockBit accounted for 47% of all publicly announced ransomware victims over the last 12 months, executing over 1,400 attacks in the US and around the world.