US Federal Reserve purportedly hacked by Russian group

Hauptsitz der Federal Reserve in Washington D.C.. Bild von Rafael Saldaña via flickr.com. Lizenz: Creative Commons

The Ransomware Group LockBit Claims to Have Hacked the Federal Reserve, Stealing 33 Terabytes of Sensitive Data. But Is It True?

Perhaps we should acknowledge that reality can often be more cheap and implausible than a third-rate action comedy. In the midst of a geopolitically tense situation, economic, currency, and drone wars, hackers from Russia — the ransomware gang LockBit — allegedly hacked the United States central bank, the Federal Reserve (Fed) as reported.

Following the attack, negotiations ensued, during which, according to LockBit, „a patented idiot“ offered the laughable sum of $50,000 to keep „America’s banking secrets“ from being published. LockBit claims to possess 33 terabytes of bank data, including sensitive information about the transfers of millions of Americans and their banks, and gave the Fed until June 25 to make a more serious offer. After the deadline passed, LockBit released parts of the stolen data on the darknet, via 21 links, including various directories and torrent files.

And as if the U.S. institutions weren’t already sufficiently embarrassed, the U.S. Department of Justice had just in May announced a blow against LockBit: together with their British counterparts, they had disrupted the ransomware group, filed charges, and worked closely with international partners to further impede the hackers, including taking control of servers, networks, and domains.

But the result is — a hack of the U.S. central bank? Could the defeat be any clearer?

„Malicious actors have illegally published stolen data on the dark web“

As it turns out, however, the hackers celebrated too early and the sensationalist observers laughed too soon. The data released so far does not indicate a Fed hack but rather a breach of a single bank — Evolve Bank & Trust.

The bank explained in a public statement that there had been a security incident. „Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization. It appears that malicious actors have illegally published stolen data on the dark web.“ The bank takes the incident seriously and has involved law enforcement. There is no further threat, and they are offering affected customers all possible assistance.

There is currently no evidence to suggest that the Fed was indeed hacked. This leads to the intriguing question: why? Why does LockBit claim this?

An Act of Desperation

The answer lies in the dynamics of the ransomware market. LockBit operates on the principle of „Ransomware-as-a-Service“: The hackers write the malware but offer it to others, similar to franchising, to deploy the software on the victim’s systems, after which both parties share the spoils.

This distribution model makes attention and relevance a coveted resource. Only when ransomware is well-known does it attract sufficient affiliates. After the attack by the U.S. Justice Department, LockBit lost precisely this resource. The infrastructure to process payments, servers, and networks were seized, and the malware and its functionalities became widely known.

With the alleged hack of the Fed, LockBit is now trying to make itself appear more important than it is, presumably in the hope of gaining influence in the darknet. This supposed coup thus demonstrates not strength, but weakness — not the ineffectiveness but the effectiveness of the Justice Department’s actions — and the hackers‘ desperation.

Reality, therefore, is not necessarily cheaper and more implausible than a bad action movie — but rather akin to a comedy.