The notorious ransomware gang Lockbit 3.0 has claimed responsibility for a cyber attack on the US Federal Reserve. The group allegedly exfiltrated 33 TB of sensitive banking information and is now demanding a ransom payment. Of particular concern is the Federal Reserve’s critical role in maintaining the stability of our financial system – and the potential this attack holds to dismantle that. This news follows Lockbit 3.0’s recent attack on Fulton County where they shut down nearly all online systems.
Roman Arutyunov, Co-Founder of Xage Security (the critical infrastructure cybersecurity company supporting the US Space Force, US DoE, etc.), has been following the movements of Lockbit 3.0 closely and is deeply concerned – especially given that Lockbit attacks accounted for 37 percent of all ransomware attacks globally last month.
Arutyunov explains to Digital Journal: “LockBit is a financially motivated attacker that consistently targets critical U.S. infrastructure systems – and their latest victim is the US Federal Reserve. Recently, there’s been a strong focus on the cyber threats posed by nation-state actors (and rightfully so!). However, financially driven groups like LockBit are equally, if not more, of an immediate risk to critical infrastructure.”
This provides a wake-up call for government: “Nation states are more likely to launch ‘living off the land’ attacks, gathering intelligence and sending it back, while silently waiting for a moment to attack (which could never come – ideally). Conversely, financially motivated attackers don’t hesitate to pull the trigger. They’re looking for ROI, and fast. There is virtually no limit to how many attacks they will wage or how often. And with their adoption of AI, we only expect the frequency to get worse.”
With the specific attack, Arutyunov observes: “However, interestingly enough, there is speculation that LockBit doesn’t have the 33TB of data allegedly stolen from the Federal Reserve. Typically, groups like LockBit publish a snippet of data to prove it has infiltrated the system, but they haven’t released any data yet.”
He adds there is further confusion: “Additionally, they have at least twice made claims to have Federal data that they did not have. Regardless, the main issue isn’t whether LockBit is truthful; it’s that their attacks comprised 37% of all ransomware incidents globally last month.”
This means further action is needed: “Our primary concern should be taking this cyber gang down and urgently implementing zero trust security measures to protect our critical systems from such threats.”
Joe Biden’s Executive Order (EO) to protect citizens’ sensitive data went into effect. Ironically, news just broke that LockBit held its word and published the data from the U.S. Federal Reserve – because the ransom demand was not paid by the June 25 deadline.
It’s clear to Arutyunov that U.S. data is under attack.
He explains: “Having the LockBit leak happening at the very same time that the Executive Order on sensitive data goes into effect just goes to show the climate we’re facing right now. I’m glad to see some momentum in terms of regulation, but the focus on ‘countries of concern,’ as stated in the EO, is clearly not enough. For-profit entities pose a significant threat to the personal privacy of Americans, arguably on par with, if not greater than, other imminent threats.”
As to the next steps, Arutyunov suspects: “Hopefully, the EO will lead to improved governance of privacy practices and enhanced security protections across the board, but we’ll have to wait and see.”
