On June 23rd, 2024, the LockBit ransomware group made a bold claim to have breached the Federal Reserve’s systems on their leak site. They stated they possessed “33 terabytes of juicy banking information containing Americans’ banking secrets, “a claim later found to be false. The ransomware group further alluded to ongoing negotiations, stating they received a $50,000 offer to not leak the data, which they deemed insufficient. They then issued a threat, demanding “another negotiator within 48 hours” and criticizing the previous negotiator as a “clinical idiot who values Americans’ bank secrecy at $50,000.”
Following their threats, LockBit ultimately made good on their claim, publishing a portion of the stolen data on their dark web site. This claim, however, proved to be a fabrication. Security experts discovered the true target of the attack – Evolve Bank & Trust, an Arkansas-based financial institution.
“They have apparently breached the American bank Evolve Bank & Trust,” cyber threat monitoring company, HackManac posted in an update on social media.
“For now, there is still no trace of ‘secret’ files, but the analysis is ongoing.”
Evolve Bank & Trust swiftly acknowledged the incident, confirming unauthorized access to their systems. The exact nature and extent of the data breach are still under investigation. However, the bank is taking proactive steps to mitigate any potential risks for its customers. These steps include:
- Comprehensive Investigation: Evolve is actively working to understand the scope of the breach and the type of data potentially compromised.
- Credit Monitoring and Identity Theft Protection: The bank will be offering complimentary credit monitoring and identity theft protection services to all impacted individuals.
- New Account Numbers: For customers whose financial information may be at risk, Evolve will be issuing new account numbers to ensure continued security.
- Regular Updates: The bank is committed to keeping its customers informed. They will be providing regular updates on the investigation and any relevant information through their official website.
Focus on Customer Reassurance
While the investigation continues, it’s crucial for Evolve Bank & Trust customers to remain calm and take proactive steps to safeguard their personal information. Here are some recommended actions:
- Monitor Account Activity: Regularly review your bank statements and online banking activity for any suspicious transactions.
- Change Passwords: As a precautionary measure, consider changing your passwords for online banking and any other accounts that share similar login credentials.
- Stay Informed: Visit the Evolve Bank & Trust website for the latest updates on the data breach and any recommended actions for customers.
A wrinkle in this story is a 2023 penalty imposed by the Federal Reserve on Evolve Bank & Trust. The Fed cited “deficiencies” in the bank’s risk management, anti-money laundering (AML), and compliance practices. Specifically, examinations revealed a lack of “an effective risk management framework,” prompting the Fed to restrict certain activities until improvements are made. This raises questions about whether these vulnerabilities might have played a role in the recent attack.
A Desperate Bid For Relevance
The recent targeting of Evolve Bank & Trust, coupled with the fabricated claim of breaching the Federal Reserve, suggests LockBit may be facing difficulties. This comes after a significant blow the ransomware group suffered earlier this year. In February’s Operation Cronos, law enforcement dismantled parts of LockBit’s infrastructure and seized a staggering 34 servers containing over 2,500 decryption keys. These keys enabled the creation of a free decryptor, hindering LockBit’s ability to extort victims. With these setbacks, some security experts, like AzAl Security who called it a “desperate bid for relevance,” believe LockBit may be resorting to garnering attention through exaggerated claims.