The Evolve Bank & Trust Breach

Jul 01, 2024

On June 26th, 2024, Evolve Bank & Trust was breached by the LockBit ransomware after an employee clicked on a malicious link.
The attack took place in May 2024, and the bank refused to pay the ransom. As a result, LockBit partially leaked the “33 TB” of stolen data.
Earlier last week, on June 23rd, LockBit thought it had breached the U.S. Federal Reserve, which caused skepticism. However, this turned out to be incorrect.
Evolve Bank partners with several large technology firms, such as Affirm, Mercury, and others, some of which have posted guidance on X about the breach.
Although Evolve Bank didn’t explicitly state what was leaked, sources have mentioned a combination of PII (date of birth, SSN, name) and Bank Account information (account numbers, balances, and names of business owners).

If you use any of Evolve’s partner services, we recommend following their published guidance.
Evolve recommends monitoring account activity and credit reports for potentially suspicious activity or identity theft.
Evolve will also offer two years of free credit and identity theft monitoring for affected individuals they will contact on July 8th, 2024.

According to CISA, LockBit is the most prolific ransomware deployed in the past several years with significantly varying observed tactics, making detection difficult.
Since 2020, there have been about 1,700 attacks using the LockBit ransomware, which contributed to nearly $91M of paid ransoms in the U.S. alone.
Industries targeted have included Healthcare, Education, Government, Financial, and Manufacturing.
In May 2024, the U.S. charged the alleged leader of the LockBit Ransomware Group (Dmitry Yuryevich Khoroshev) with a 26-count indictment. There is a $10M reward for information leading to his arrest.

Detection at Scale