Ransomware gang LockBit allegedly leaked a batch of sensitive data from Boeing after the US aircraft manufacturer āignoredā its warnings, a report from tech media outlet ²õ²¹¾±»å.Ģż
On October 27, 2023, LockBit claimed that it had stolen āa tremendous amountā of sensitive data from Boeing and would leak it online if Boeing failed to pay a ransom by November 2, 2023.
Boeing acknowledged the attack on November 1, 2023, saying that while it was aware of a cyber incident impacting elements of its parts and distribution business, the issue does not affect flight safety.
On November 6, 2023, cybernews published a screenshot taken from LockBit¾«¶«Ó°Ņµ dark web site, showing ātimer stoppedā in its headline.
LockBit¾«¶«Ó°Ņµ site showed that its timer stopped on November 2, 2023 at 16:20 UTC, the ransom deadline it had allegedly given Boeing.
āBoeing ignored our warnings. We start to publish data. In first batch we will publish just around 4GB of sample data. In a few days, we will publish around half terabyte of databases if we do not see a positive cooperation from the company,ā LockBit stated.
Between October 30-31, 2023, Boeing was removed from LockBit¾«¶«Ó°Ņµ hack threat list, leading to speculation that the aircraft manufacturer had entered into negotiations with the ransomware group.
What data from Boeing was leaked?
From what could be seen on LockBit¾«¶«Ó°Ņµ site, leaked information ranged from training materials to a list of the company¾«¶«Ó°Ņµ technical suppliers.
Cybernews claimed the data allegedly included the names, locations, and phone numbers of Boeing¾«¶«Ó°Ņµ suppliers and distributors across Europe and North America.
The leaked data also allegedly included Boeing’s financial details including sales, rebates, cost of poor quality (COPQ) reports, pricing with net cost, and list price data for 2020.
There were also folders named āHazardous Wasteā, āRotorcraftā, and āBusiness Casesā, as well as files with Boeing¾«¶«Ó°Ņµ internal training materials, with instructions about how to connect to specific systems and who should have access to them.
Boeing told cybernews that it is āactively investigating the incident and coordinating with law enforcement and regulatory authorities.ā
The Virginia-based manufacturer also said that it is notifying its customers and suppliers.
Who/what is LockBit?
LockBit is a cybercriminal group that uses double extortion tactics where they not only encrypt the victim’s data but also threaten to leak it if their demands are not met.
According to Canadian security service , LockBit operators are Russian-speaking and its affiliates are āone of the most prolific, destructive and lucrative ransomware groups in operation todayā.
The FBI estimated that between January 2020 and June 2023, the LockBit gang launched 1,700 attacks against US organizations, many in critical infrastructure sectors. The group was found to have collected in total approximately $91 million.