LockBit claims theft of sensitive data from Boeing
The ransomware group reportedly breached the company via a zero-day exploit
Boeing, the aerospace giant, has apparently become the latest target of a Russian-linked ransomware group known as LockBit.
The group announced its intrusion of the aerospace company on Friday on its dark web leak site, claiming to have stolen a substantial amount of the sensitive data from the company's systems.
LockBit threatened to release the data if Boeing does not comply with their demands by a 2nd November deadline.
"Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!" the group said.
"For now, we will not send lists or samples to protect the company, BUT we will not keep it like that until the deadline."
The hackers did not specify the volume of data stolen nor the exact ransom amount they are demanding from Boeing.
Vx-underground, a group of malware researchers, said they discussed the attack with the LockBit's leaders.
The attackers told them they have not yet communicated with Boeing and refused to disclose the nature of the exfiltrated data. They claimed to have breached the company via a zero-day exploit, although they did not reveal additional details about this vulnerability.
Notably, LockBit has given Boeing a relatively short six-day window for negotiations, whereas victims are typically provided with ten days to reach out to cybercriminals.
Boeing's spokesperson told Reuters that they are assessing the attacker's claim, indicating that the company is taking the situation seriously.
The potential implications of this claimed hack are substantial, given Boeing's extensive involvement with military clients and the fact that it is currently in the process of building the new pair of heavily-modified 747-8 planes to serve as the next Air Force One, the official transport for the US President.
LockBit is known for its tactic of deploying ransomware to lock victim organisations' systems and simultaneously stealing sensitive data for extortion purposes.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), LockBit has been responsible for over 1,700 attacks on US organisations since its emergence in January 2020.
One particularly alarming detail is the substantial sum that the LockBit group has collected from US entities in the form of ransom payments.
The group has received approximately $91 million in ransoms paid by US organisations, adding to the growing concerns about the financial impact of such cyberattacks.
"LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). This variance in observed ransomware TTPs presents a notable challenge for organisations working to maintain network security and protect against a ransomware threat," CISA noted.
The latest threat to Boeing adds another layer of complexity to the ongoing battle against cybercrime.
As the aerospace industry is highly reliant on sensitive and proprietary data, Boeing faces a daunting challenge in responding to the LockBit gang's demands.
The incident serves as a stark reminder of the ever-present danger of ransomware attacks and the need for organisations to remain vigilant in safeguarding their data and systems from increasingly sophisticated attackers.