Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Federal Reserve Bank of New York

Federal Reserve Bank of New York Vendor Cyber Rating & Cyber Score

newyorkfed.org

Be aware of potentially fake online job postings that claim to be from the Federal Reserve. Always verify and apply to jobs on the Federal Reserve System Careers webpage. The Federal Reserve Bank of New York works within the Federal Reserve System and with other public and private sector institutions to foster the safety, soundness and vitality of our economic and financial systems. Some of its most critical functions include the implementation of monetary policy, supervision and regulation of depository institutions, international operations and financial services. The New York Fed oversees the Second Federal Reserve District, which includes New York State, the 12 northern counties of New Jersey, Fairfield County in Connecticut, Puerto


FRBNY A.I CyberSecurity Scoring

FRBNY
Company Information
Website:http://www.newyorkfed.org
Employees number:3,228
Number of followers:165,624
NAICS:52
Industry Type:Financial Services
Homepage:newyorkfed.org
FRBNY Risk Score (AI oriented)
Between 650 and 699
logo
FRBNYFinancial Services
Updated:
22/06/2026
666/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
FRBNY Global Score (TPRM)
xxxx
logo
FRBNYFinancial Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

FRBNY
FRBNYWeak
Current Score
666B (WEAK)
01000
1 incidents
-115 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
667Before Incident
JUNE 2026
666Before Incident
MAY 2026
664Before Incident
APRIL 2026
662Before Incident
MARCH 2026
660Before Incident
FEBRUARY 2026
658Before Incident
JANUARY 2026
769Before Incident
Ransomware
01 Jan 2026FRBNY
Change Healthcare and Federal Reserve: Claimed Twice: Five Reasons the Same Ransomware Victim Shows Up Under Two Flags

Ransomware’s Double Trouble: Why Victims Are Being Claimed Twice in 2026

654After Incident
CRITICAL-115
CHAFED1782133142
Ransomware’s Double Trouble: Why Victims Are Being Claimed Twice in 2026 In 2026, a troubling trend has emerged in the ransomware landscape: the same victim organizations are appearing on leak sites under two different ransomware group names. Bitdefender’s analysis of this phenomenon based on a curated dataset of 98 claims across 49 distinct victims from January to June 2026 reveals five key explanations for these duplicate postings, each with distinct implications for incident response. ### The Mechanics Behind Duplicate Claims The median gap between a victim’s first and second appearance on leak sites is 12 days, with a mean of 23 days and a maximum of 96 days. While five cases were posted simultaneously, most followed a staggered timeline, suggesting different underlying causes. The patterns also hint at structured relationships between groups such as Beast preceding Qilin or Devman preceding DragonForce rather than random overlaps. #### 1. One Attack, Two Group Names (Cartel Rebranding) Some duplicate claims stem from a single breach posted by two brands within the same criminal network. For example, DragonForce absorbed affiliates from RansomHub after its shutdown, leading to the same victim appearing under both names. Similarly, Hunters International rebranded as World Leaks, carrying over infrastructure and extortion tactics. In these cases, the victim faces one incident, not two, but public statistics inflate the count. #### 2. Same Data, Second Extortion (Affiliate Churn) A single breach can generate two extortion attempts if an unpaid affiliate reposts stolen data under a new group. The Change Healthcare case exemplifies this: an ALPHV/BlackCat affiliate allegedly resurfaced the same data via RansomHub after a payment dispute. The 1-to-30-day gap in many duplicate claims aligns with this model, where sequential postings indicate a handoff rather than simultaneous access sales. #### 3. Two Real Breaches (Repeat Victimization) In 16 of the 49 cases, the gap between claims exceeded 31 days, suggesting two genuinely separate breaches. Often, this occurs when an organization fails to address systemic vulnerabilities such as weak identity controls, unpatched systems, or flat networks after the first attack. Access brokers may also resell compromised credentials, enabling multiple independent intrusions. #### 4. No Breach at All (Fabrication or Plagiarism) Some claims are entirely fabricated. 0APT, a group that surfaced in early 2026, posted 549 victims in two months later revealed to be fake after a rival group, KryBit, leaked its logs. Similarly, LockBit falsely attributed Evolve Bank data to the Federal Reserve post-disruption, while Dispossessor simply reposted existing victim lists from Cl0p and Hunters International. These cases invert the problem: victims may have no breach to remediate, but false claims still trigger unnecessary disclosures. ### The Statistical Impact of Noise The prevalence of fabricated claims distorts ransomware metrics. In Q1 2026, raw leak-site data showed 3,014 victims a 15% increase from 2025. However, removing 0APT’s 549 fake claims reversed the trend, revealing a 6% decline. This underscores how one fraudulent group can flip the narrative from "ransomware surged" to "ransomware fell." ### Key Takeaways for Defenders - Same-day or near-simultaneous claims often indicate cartel rebranding or shared access. - Days-to-weeks gaps suggest affiliate churn or re-extortion. - Months-long gaps point to repeat victimization due to unaddressed vulnerabilities. - No proof or recycled data signals fabrication verification is critical before responding. The rise of duplicate claims complicates incident response, requiring defenders to distinguish between new intrusions, recycled access, and outright fraud to avoid misallocating resources or making flawed disclosure decisions.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gainExtortionData theft
DATA BREACH
Personally identifiable informationPayment informationSensitivity Of Data: High
DECEMBER 2025
769Before Incident
NOVEMBER 2025
769Before Incident
OCTOBER 2025
769Before Incident
SEPTEMBER 2025
769Before Incident
AUGUST 2025
769Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for FRBNY ?
?
What was FRBNY's A.I Rankiteo Cyber Score in June 2026 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in May 2026 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in April 2026 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in March 2026 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in February 2026 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in January 2026 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in December 2025 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in November 2025 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in October 2025 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in September 2025 ?
?
What was FRBNY's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on FRBNY's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with FRBNY ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view FRBNY's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?