LockBit’s Breached Data Allegedly from US Federal Reserve Actually Belongs to Evolve Bank

• LockBit claimed to sell a data breach from the U.S. Federal Reserve in an attempt to make a comeback.
• The ransomware group leaked the alleged data set on its website, which contained information stolen from a different financial organization.
• There is only a remote connection to the Federal Reserve via a release sanctioning the bank.

Earlier this week, the ransomware group LockBit claimed to have obtained 33 TB of data after breaching the United States's central banking system, drawing a lot of attention under false pretenses. It appears they had lied about the victim, as the leaked information seems to have been stolen from an individual American banking entity.

The recently disrupted gang threatened to release information from the Federal Reserve data breach, which reportedly contained Americans’ banking data, if a ransom wasn’t paid by June 25. After the deadline expired, the data proved to belong to the 'Evolve Bank & Trust' financial organization.

At first glance, the released data set only includes links to a Federal Reserve press release from mid-June, when the U.S. Federal Reserve Board penalized Evolve Bancorp and its subsidiary Evolve Bank & Trust. The penalization was motivated by the bank’s ineffective risk management program “to comply with anti-money laundering laws and laws protecting consumers.”

However, the huge data dump possibly exposed sensitive details belonging to Evolve Bank and its customers, but the company has not released an official statement yet.

In early May, law enforcement sanctioned and charged Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group, aka LockBitSupp, who has had his assets frozen, with an attached reward of up to $10 million for information that would lead to his arrest.

Furthermore, a hacker connected to Conti and LockBit was arrested this month in Ukraine – a cryptor specialist from Kyiv who cooperated with Russian ransomware groups and helped them evade detection.

LockBit has functioned as a Ransomware-as-a-Service (RaaS) affiliate-based variant since January 2020. Law enforcement shut down LockBit's infrastructure in February 2024 through Operation Cronos, seizing several servers with decryption keys, and now offers approximately 7,000 LockBit keys to U.S. and international victims.