After hackers from the LockBit 3.0 ransomware group claimed to have stolen a massive amount of Americans’ banking information from the United States Federal Reserve (‘Fed’), the deadline set for negotiations is about to expire, and the group seems dissatisfied with the agency’s current offer.
Specifically, the notorious ransomware gang alleges to have exfiltrated 33 terabytes of “juicy banking information containing Americans’ banking secrets,” telling the Fed to “better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000.”
Banking data from 12 districts
Furthermore, to drive its point home and illustrate just how widespread the damage would be, should these negotiations fail and the Americans’ sensitive banking information become public, the group explained that the Fed’s operations spanned across 12 districts in the US:
Picks for you
“Federal banking is the term for the way the Federal Reserve of the United States distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts.”
Indeed, as BitLock’s message specified, the American banking authority’s districts include Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City, and San Francisco, stretching from one US coast to the other.
According to the screenshot from LockBit’s website shared by the cyber attack monitoring platform HackManac in an X post on June 24, the hackers’ last message dates June 23, and the given deadline for the release of the sensitive banking information expires on June 25, 20:27:10 UTC.
LockBit’s ransom tactics
As a reminder, LockBit is one of the most active ransomware groups in the world, relying on a “double extortion tactic to encourage victims to pay, first, to regain access to their encrypted files and then to pay again to prevent their stolen data from being posted publicly,” as per BlackBerry website.
In June 2022, the reportedly Russian group, which first appeared in September 2019, evolved into ‘LockBit 2.0’ in 2021 and then into its current version of its revamped ‘ransomware-as-a-service’ (RaaS) operation called ‘LockBit 3.0,’ introduced the first ransomware bug bounty program, in which:
“We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million.”
Meanwhile, Morgan Wright, chief security advisor to the advanced enterprise cybersecurity artificial intelligence (AI) platform SentinelOne, said the recent news was in line with other Russian attacks, which often happen in retaliation for perceived or actual actions.
Ransomware and crypto
As it happens, ransomware attacks have become increasingly common in the modern information technology age, as nearly all important data rests on a cloud or physical servers, and no government branch or industry is safe from them, as cryptocurrency exchange Kraken recently witnessed.
On top of that, cybercriminals have become increasingly reliant on crypto as a way to demand ransom payments or to hide their money trail, primarily thanks to the assets’ largely anonymous nature and the existence of crypto mixers like Tornado Cash and Helix.
As for LockBit, the US National Crime Agency (NCA), with support from blockchain analytics platform Chainalysis, has recently discovered hundreds of crypto wallets associated with its operations, containing millions of dollars in Bitcoin (BTC) and other digital currencies.
