LockBit has claimed to have stolen a large amount of data from aerospace defense firm Boeing and threatened to release files if a ransom is not agreed.
The ransomware group issued a post on its dark web disclosure site on 28 October, claiming to have data ready to release on the deadline of 2 November at 13:25:39 UTC.
“A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do [sic] not contact within the deadline!” the group stated.
“For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”
LockBit is known to use double extortion ransomware tactics, in which attackers not only encrypt the data of their victims but also exfiltrate and threaten to leak it as an additional incentive for them to pay a ransom.
Boeing is one of the largest defense contractors in the world and a household name in the aerospace and telecommunications sectors. The firm processes and storage vast quantities of highly sensitive data.
If proprietary data or information pertaining to defense contracts was included in a breach, the company could suffer reputationally.
The malware and source code collective vx-underground said it had spoken to LockBit members, who claimed to have used a zero-day exploit to access the data. The group provided no further details on the attack chain or the nature of the data allegedly exfiltrated by LockBit
Yesterday Lockbit ransomware group listed Boeing on their victims list. Boeing is a multinational American company with an estimated annual revenue of $66,610,000,000. They have over 150,000 employees worldwide. Boeing serves both the public and private sector.We spoke with… pic.twitter.com/gOiGcdWpAkOctober 28, 2023
Boeing has yet to provide additional details on the claims from LockBit.
"We are assessing this claim,” a spokesperson from Boeing told ITPro.
“Boeing appears to be in Lockbit-controlled airspace now. Its name has been added to the leak site, the clock is ticking down to zero, and Lockbit is dictating terms,” said Hüseyin Can Yuceel, researcher at Picus Security.
“The quality of the stolen documents may have a significant bearing on Boeing’s actions this week. Boeing may either choose to dismiss LockBit’s demands or try to negotiate before Thursday.”
LockBit has a track record of claiming attacks on victims who state they have detected no breach in their systems.
Learn about how the encrypted threat landscape has changed over time
DOWNLOAD NOW
In June 2022 the group stated it had stolen data from the cyber security firm Mandiant, a claim that the supposed victim refuted, and in November of that year a Thales investigation found no evidence of a supposed LockBit data breach.
But LockBit is also known for its persistent and aggressive stance, and its ransomware strain remains the most used worldwide.
In January 2023, the group hacked Royal Mail and demanded a £65 million ransom. As talks failed to yield a payout, the group leaked 44GB of Royal Mail’s data including HR records and salary files, and lowered the ransom to £33 million.
The US Department of Justice (DoJ) has also put LockBit in its sights with a string of arrests, the latest having occurred with the charging of Russian national Ruslan Magomedovich Astamirov with conspiracy to damage computers for ransom and commit wire fraud.
A Cybersecurity and Infrastructure Security Agency (CISA) report on the group published in June 2023 found that 16% of all US government ransomware incidents in 2022 led back to LockBit.
