Risk & Repeat: Hacks, lies and LockBit

LockBit falsely claimed it breached the U.S. Federal Reserve in an event that suggests a continuing decline of the notorious ransomware gang.

Earlier this year a coalition of law enforcement agencies led by the U.K.'s National Crime Agency launched "Operation Cronos," a disruption effort against LockBit that resulted in two arrests and the seizure of gang's web infrastructure, cryptocurrency accounts and more than 1,000 decryption keys to assist victims. Although the gang returned with a new leak site and claims of fresh victims, other signs showed LockBit's comeback efforts to be failing.

On June 23, LockBit published a countdown timer to its new data leak site promising the release of data stolen from the U.S. Federal Reserve. On June 25 when the countdown completed, the gang released samples of data it stole. Researchers who analyzed the data found that it belonged not to the Federal Reserve, but instead a banking organization based in Arkansas named Evolve Bank & Trust.

Evolve Bank & Trust confirmed that it suffered a LockBit attack in a breach disclosure page, adding that the gang "mistakenly" claimed the stolen data was from the Federal Reserve. LockBit apparently gained access, Evolve said, "when an employee inadvertently clicked on a malicious internet link."

The bank's latest update on July 3 said it was in the process of preparing to notify customers, which it anticipates beginning on Monday.

On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss LockBit's attack against Evolve Bank & Trust, its false claims of breaching the Federal Reserve and the future of the ransomware group.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.