Ransomware gang LockBit allegedly leaked a batch of sensitive data from Boeing after the US aircraft manufacturer “ignored” its warnings, a report from tech media outlet .
On October 27, 2023, LockBit claimed that it had stolen “a tremendous amount” of sensitive data from Boeing and would leak it online if Boeing failed to pay a ransom by November 2, 2023.
Boeing acknowledged the attack on November 1, 2023, saying that while it was aware of a cyber incident impacting elements of its parts and distribution business, the issue does not affect flight safety.
On November 6, 2023, cybernews published a screenshot taken from LockBitӰҵ dark web site, showing “timer stopped” in its headline.
LockBitӰҵ site showed that its timer stopped on November 2, 2023 at 16:20 UTC, the ransom deadline it had allegedly given Boeing.
“Boeing ignored our warnings. We start to publish data. In first batch we will publish just around 4GB of sample data. In a few days, we will publish around half terabyte of databases if we do not see a positive cooperation from the company,” LockBit stated.
Between October 30-31, 2023, Boeing was removed from LockBitӰҵ hack threat list, leading to speculation that the aircraft manufacturer had entered into negotiations with the ransomware group.
What data from Boeing was leaked?
From what could be seen on LockBitӰҵ site, leaked information ranged from training materials to a list of the companyӰҵ technical suppliers.
Cybernews claimed the data allegedly included the names, locations, and phone numbers of BoeingӰҵ suppliers and distributors across Europe and North America.
The leaked data also allegedly included Boeing’s financial details including sales, rebates, cost of poor quality (COPQ) reports, pricing with net cost, and list price data for 2020.
There were also folders named ‘Hazardous Waste’, ‘Rotorcraft’, and ‘Business Cases’, as well as files with BoeingӰҵ internal training materials, with instructions about how to connect to specific systems and who should have access to them.
Boeing told cybernews that it is “actively investigating the incident and coordinating with law enforcement and regulatory authorities.”
The Virginia-based manufacturer also said that it is notifying its customers and suppliers.
Who/what is LockBit?
LockBit is a cybercriminal group that uses double extortion tactics where they not only encrypt the victim’s data but also threaten to leak it if their demands are not met.
According to Canadian security service , LockBit operators are Russian-speaking and its affiliates are “one of the most prolific, destructive and lucrative ransomware groups in operation today”.
The FBI estimated that between January 2020 and June 2023, the LockBit gang launched 1,700 attacks against US organizations, many in critical infrastructure sectors. The group was found to have collected in total approximately $91 million.
