LockBit Ransomware leaks gigabytes of Boeing data
The LockBit Ransomware gang published data stolen from Boeing, one of the largest aerospace companies serving commercial aircraft and defense systems.
Before the leak, the LockBit hackers said Boeing ignored warnings that the data would become publicly available and threatened to release a roughly 4GB sample of the latest files.
Backup data has been published
LockBit Ransomware leaked over 43GB of files from Boeing after the company refused to pay a ransom.
Most of the data listed on the hacker group’s leak site are backups of various systems, the most recent with a timestamp of October 22.
The ransomware representative posted Boeing on its site on October 27 and gave the company a deadline of November 2 to contact it and enter into negotiations.
The hackers said at the time that they had stolen a “huge amount of sensitive data” and were prepared to release it.
Boeing disappeared from the list of LockBit victims for a while, but was included again on November 7, when the hackers announced that their warnings had been ignored.
When the company continued to remain silent, the LockBit ransomware gang decided to show that it had a bargaining chip and threatened to release “only about 4 GB of (the most recent) data samples.”
The hackers also threatened that they would release the databases “if we do not see positive cooperation from Boeing.”
On November 10, LockBit posted on its website all the data it had from Boeing. Among the files are configuration backups for IT management software, and logs for monitoring and auditing tools.
Backups from Citrix machines were also listed, sparking speculation about LockBit ransomware using the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966), for which proof-of-concept exploit code was published on October 24.
While Boeing confirmed that the cyberattack occurred, the company did not provide any details about the incident or how hackers penetrated its network.
LockBit is one of the most resilient ransomware-as-a-service (RaaS) operations, having been active for over four years and causing thousands of victims across various sectors.
Victims include automobile giant Continental, Britain’s Royal Mail, the Italian Inland Revenue Service, and the City of Auckland.
The US government said in June that the gang had extorted about $91 million since 2020 in nearly 1,700 attacks against various organizations in the country.
However, the gang operates internationally. In August, Spain’s National Police warned of a phishing campaign targeting architecture firms in the country for encrypting systems with the LockBit malware.