LockBit Ransomware Group Exposes Boeing: 43GB of Stolen Data Released

The LockBit ransomware gang has made public data pilfered from Boeing, a major player in the aerospace industry servicing both commercial aeroplanes and defense systems. Prior to the data leak, LockBit hackers had warned Boeing about the impending release of data, even threatening to disclose a 4GB sample of the most recent files.

Boeing Data Breach Unveiled

LockBit ransomware successfully leaked over 43GB of files from Boeing after the aerospace company refused to comply with the ransom demands. Most of the data available on the hacker group’s leak site comprises backups for various systems, with the most recent backups timestamped as of October 22.

Deadline and Silence

On October 27, LockBit posted Boeing on their site and set a November 2nd deadline for the company to initiate negotiations. The hackers emphasized that they had acquired a substantial amount of sensitive data and were prepared to publish it. Although Boeing briefly disappeared from LockBit’s victim list, it reappeared on November 7, as the hackers declared that their warnings had gone unheeded.

Show of Force

With Boeing maintaining silence, the LockBit ransomware gang decided to exhibit their bargaining power. They threatened to release approximately 4GB of sample data, emphasizing that this was just a fraction of what they possessed. The hackers warned of publishing databases if positive cooperation from Boeing was not forthcoming.

Data Release and Speculation

On November 10, LockBit fulfilled its threat by releasing all the data it had obtained from Boeing. This included configuration backups for IT management software and logs for monitoring and auditing tools. The listing of backups from Citrix appliances sparked speculation about the potential use of the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966), for which the exploit code was published on October 24.

Boeing’s Confirmation and LockBit’s Resilience

While Boeing acknowledged the cyberattack, the company refrained from providing details regarding the incident or how the hackers infiltrated their network. LockBit recognized as one of the most resilient ransomware-as-a-service (RaaS) operations, has been active for over four years, victimizing thousands across various sectors.

International Operations and Government Warnings

LockBit’s impact extends internationally, with victims including the Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland. In June, the U.S. government revealed that the gang had extorted approximately $91 million since 2020 through close to 1,700 attacks on various organizations. Additionally, in August, the Spanish National Police warned about a phishing campaign targeting architecture firms in Spain, aiming to encrypt systems using LockBit’s locker malware.

It is also to be noted that on September 2023, Ransomware group LockBit attacked Pelmorex Corp., the parent company of The Weather Network and on September 2021, Bangkok Airways was also a victim of the LockBit ransomware attack.