In a post on its victim-shaming site, ransomware group LockBit claimed Sunday evening that it had stolen 33 terabytes of data belonging to the Federal Reserve, and the group threatened to release the data Tuesday evening. The Fed has not commented on the matter.
Brett Callow, a threat analyst at Emsisoft, said it was “highly likely, in my opinion” that the group is lying. “I believe it’s far more likely that any data they do have relating to the [Fed] would have come from a third party,” he said.
Breaches of third-party IT services have become a common method for ransomware actors to steal data. In a prominent recent example, threat actor
LockBit has no known involvement in the Snowflake data breaches.
Callow was not alone in his analysis that the group is likely lying. The anonymous owner of the social media account for vx-underground, an online collection of malware samples, said simply about LockBit’s claim, “
Despite law enforcement actions against LockBit earlier this year, including hijacking the victim-shaming site where the group posts about the data it has stolen, the threat actor has launched new sites and continued claiming new victims.
On May 8, the day after the FBI publicly
LockBit has not made any specific claims about the nature of the stolen data. While the group typically posts samples of the data it has stolen, particularly in cases of high-profile cyberattacks, it has not posted any such samples of the supposedly stolen Fed data.
“No proof, so [probably] just blowing off steam,”