Infamous ransomware gang LockBit is claiming to have breached the U.S. Federal Reserve and is threatening to release stolen banking information if a ransom payment is not made.

According to a listing on its dark web leaks site, LockBit claims to have “33 terabytes of juicy banking information containing Americans’ banking secrets” before going on to say, “You better hire another negotiator within 48 hours and fire this clinic idiot who values Americans’ bank secrecy at $50,000.”

🚨🚨🚨 #CyberAttack 🚨🚨🚨

🇺🇸 #USA: US Federal Reserve has been listed as a victim by the LockBit 3.0 ransomware group.

The hackers allegedly exfiltrated 33 TB of banking information.

Ransom deadline: 25th Jun 24.#Ransomware pic.twitter.com/JGC1YG7y4A

— HackManac (@H4ckManac) June 24, 2024

The latter text appears, at face value, to suggest that someone representing the Federal Reserve had offered LockBit $50,000 so that it would not release the allegedly stolen data. The exact amount LockBit is chasing as a ransom payment is not specified, but the group has typically demanded much more; whatever the amount, LockBit is giving the Fed until June 25 at 8:27 p.m. UTC (2:27 p.m. EDT) before it may it start releasing the stolen data.

The Fed has not yet commented on the claims made by LockBit.

LockBit has not provided samples of the stolen data, which raises questions about whether the hack is legitimate. Though some are casting dispersions on LockBit, it’s not as if LockBit hasn’t hacked business and government bodies before.

Dr. Ferhat Dikbiyik, chief research and intelligence officer of third-party risk management firm Black Kite Inc., is one of the skeptics. “Post-Operation Cronos, LockBit appears to be in a state of desperation, attempting to regain its credibility and recruit affiliates by showcasing high-profile attacks,” he told SiliconANGLE. He said the group’s statements could be “misleading, false or grossly exaggerated.”

“It’s unusual for ransomware groups to successfully breach such significant institutions without swift retaliation or acknowledgment,” Dikbiyik explained. “The size of the alleged breach and the dramatic narrative could very well be part of a broader strategy to instill fear and re-establish dominance in the cybercrime ecosystem.”

Jason Baker, threat intelligence consultant with cybersecurity consulting services company Guidepoint Security LLC, noted that LockBit has yet to provide evidence and that “33 terabytes would be an insane amount of data to exfil without getting caught.”

“What I can confidently say is that there is so far nothing to suggest this is accurate besides the word of the threat actor, but that it will nonetheless be amplified on social media,” Baker noted.

LockBit has been in the news this year following attempts by law enforcement to take the group offline, culminating in its site being taken offline in February and two alleged members being arrested. LockBit was back online a week later and has since gone on to surge to the top of the ransomware group leaderboard.

A report from NCC Group plc last week found that LockBit attacks saw a massive resurgence in May, increasing by 655% compared to April. LockBit attacks accounted for 37% of all ransomware attacks globally last month.

Image: SiliconANGLE/Bing Image Creator