LockBit’s Breached Data Allegedly from US Federal Reserve Actually Belongs to Evolve Bank

Published on June 27, 2024
Written by:
Lore Apostol
Lore Apostol
Infosec Writer & Editor

Earlier this week, the ransomware group LockBit claimed to have obtained 33 TB of data after breaching the United States's central banking system, drawing a lot of attention under false pretenses. It appears they had lied about the victim, as the leaked information seems to have been stolen from an individual American banking entity.

The recently disrupted gang threatened to release information from the Federal Reserve data breach, which reportedly contained Americans’ banking data, if a ransom wasn’t paid by June 25. After the deadline expired, the data proved to belong to the 'Evolve Bank & Trust' financial organization.

At first glance, the released data set only includes links to a Federal Reserve press release from mid-June, when the U.S. Federal Reserve Board penalized Evolve Bancorp and its subsidiary Evolve Bank & Trust. The penalization was motivated by the bank’s ineffective risk management program “to comply with anti-money laundering laws and laws protecting consumers.”

LockBit Federal Reserve Link
Image Source: Malwarebytes

However, the huge data dump possibly exposed sensitive details belonging to Evolve Bank and its customers, but the company has not released an official statement yet.

In early May, law enforcement sanctioned and charged Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group, aka LockBitSupp, who has had his assets frozen, with an attached reward of up to $10 million for information that would lead to his arrest.

Furthermore, a hacker connected to Conti and LockBit was arrested this month in Ukraine – a cryptor specialist from Kyiv who cooperated with Russian ransomware groups and helped them evade detection.

LockBit has functioned as a Ransomware-as-a-Service (RaaS) affiliate-based variant since January 2020. Law enforcement shut down LockBit's infrastructure in February 2024 through Operation Cronos, seizing several servers with decryption keys, and now offers approximately 7,000 LockBit keys to U.S. and international victims.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: