The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.
Before the leak, LockBit hackers said that Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4GB of the most recent files.
Backup data published
LockBit ransomware has leaked more than 43GB of files from Boeing after the company refused to pay a ransom.
Most of the data listed on the hacker group’s leak site are backups for various systems, the most recent of them with an October 22 timestamp.
The ransomware actor posted Boeing on their site on October 27 and gave the company a November 2nd deadline to contact them and engage in negotiations.
The hackers said at the time they had stolen “a tremendous amount of sensitive data” and were ready to publish it.
Boeing disappeared from LockBit’s list of victims for a period but was listed again on November 7, when the hackers announced that their warnings had been ignored.
When the company continued to be silent, the LockBit ransomware gang decided to show that they had a bargaining chip and threatened to publish “just around 4GB of sample data (most recent).”
The hackers also threatened that they would publish the databases “if we do not see a positive cooperation from Boeing.”
On November 10, LockBit released on their site all the data they had from Boeing. Among the files are configuration backups for IT management software, and logs for monitoring and auditing tools.
Backups from Citrix appliances are also listed, which sparked speculation about LockBit ransomware using the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966), for which proof-of-concept exploit code was published on October 24.
While Boeing confirmed the cyberattack, the company did not provide any details about the incident or how the hackers breached its network.
LockBit is one of the most resilient ransomware-as-a-service (RaaS) operations, having been active for more than four years and making thousands of victims across various sectors.
Among the victims are Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland.
The U.S. government said in June that the gang extorted about $91 million since 2020 in close to 1,700 attacks against various organizations in the country.
However, the gang operates internationally. In August, the Spanish National Police warned of a phishing campaign that targeted architecture firms in the country to encrypt systems with LockBit’s locker malware.
Comments
h_b_s - 3 months ago
If they only got 43 GB of data from Boeing they obviously didn't get very far into the Boeing network. That's barely a couple of lightly utilized laptop backups, or maybe one satellite office's design data.
Wannabetech1 - 3 months ago
Doesn't it depend on what they have? Also, couldn't they go back for more?
h_b_s - 3 months ago
"Doesn't it depend on what they have?"
Not especially. I grant that 40 GB of compressed text is different than 40GB of CAD files when single files can be GBs each, but generally speaking the quality of data isn't all that important against the quantity these days due to the bloat factor built into most software. 10 GB of files from 2010 would arguably be more damaging than 40 GB today when we're measuring corporate data in terabytes and petabytes, even in HR. Most gangs are "smash and grab". They find what they think is important then begin exfiltrating. That doesn't necessarily mean it's all useful data, or all marketable. If it were 40GB of exclusively classified data or confidential HR data, yes, but a generic haul... not very impressive.
"Also, couldn't they go back for more?"
Not likely once discovered.