On Friday, the ransomware group LockBit disclosed data purportedly associated with Boeing, approximately a week following Boeing’s confirmation of a cyberattack. The leaked information comprises over 43GB of backup files allegedly stolen by LockBit from Boeing, as reported by Bleeping Computer.
As of Monday afternoon, Boeing’s services website remained inaccessible. A notice on the site acknowledged a cyber incident affecting Boeing’s parts and distribution business, emphasizing that it did not compromise the safety of the company’s aircraft. A Boeing spokesperson informed Engadget, “In connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate.”
The chain of events commenced on October 27 when LockBit identified Boeing as a victim on its website, setting a deadline for negotiation until November 2. Although Boeing was briefly removed from LockBit’s list of victims, the ransomware group reinstated it on November 7, claiming that Boeing had neglected negotiation attempts. Initially threatening to release 4GB of sample data, LockBit ultimately disclosed all stolen data on November 10.
The released Boeing backup data encompasses configuration data for IT management software, audit and monitoring logs, and certain Citrix information thought to be linked to a prior exploit.
LockBit has gained infamy as a ransomware group since its debut on Russian cybercrime forums in January 2020. According to the FBI, there have been approximately 1,700 LockBit-related attacks in the US, with companies paying around $91 million in ransoms to the gang. Among the victims are the Chinese bank ICBC, chip giant Taiwan Semiconductor Manufacturing Company, and Canadian book seller Indigo Books and Music, among others.