LockBit 3.0 leaks links to alleged leaked US Federal Reserve data: what do we know and what are the consequences?

According to recent reports, the LockBit 3.0 ransomware group has claimed responsibility for a cyberattack on the United States Federal Reserve. The group alleges to have stolen 33 terabytes of sensitive banking data, including “juicy banking information containing American’s banking secrets”.

LockBit 3.0 posted on their dark web leak site that they had infiltrated the Federal Reserve’s systems and are threatening to release the stolen data if a ransom demand is not met within 48 hours.

The group has given the Federal Reserve an ultimatum to hire a new negotiator and fire the current one, whom they referred to as a “clinical idiot” for valuing the stolen data at only $50,000. The Federal Reserve has not confirmed the breach.

What is LockBit?

LockBit’s journey began in September 2019 under the moniker “ABCD” ransomware. However, it wasn’t until June 2022 that LockBit 3.0, also known as “LockBit Black,” emerged.

The group provides ransomware services to affiliates who pay for the privilege of using their malware. This business model has proven incredibly successful, with LockBit estimated to be responsible for a staggering 44% of all global ransomware incidents in early 2023.

Between January 2020 and May 2023, the group was linked to approximately 1,700 ransomware attacks in the United States alone, with victims paying an estimated $91 million in ransoms.