LockBit Ransomware Group Leaks Boeing’s Data After Ransom Refusal

November 12, 2023

The LockBit ransomware group has released data stolen from Boeing, a major player in the aerospace industry that caters to both commercial aviation and defense systems. Prior to the data leak, the LockBit hackers claimed that Boeing disregarded warnings about the impending public release of their data and threatened to disclose a sample of the most recent files, roughly 4GB in size. After Boeing refused to pay a ransom, the LockBit group proceeded to leak more than 43GB of files. The leaked data, as seen on the hacker group's website, are predominantly backups for various systems, the latest of which was timestamped October 22.

The ransomware actors listed Boeing on their site on October 27, providing a deadline of November 2 for the company to initiate contact and negotiate. The hackers declared at the time that they had pilfered 'a tremendous amount of sensitive data' and were prepared to release it. Although Boeing was removed from LockBit's list of victims temporarily, it reappeared on November 7, with the hackers stating that their warnings were disregarded. As Boeing maintained its silence, the LockBit group decided to demonstrate their leverage and threatened to release 'just around 4GB of sample data (most recent).' They further warned that they would release the databases 'if we do not see a positive cooperation from Boeing.' On November 10, LockBit released all the data they had acquired from Boeing on their site.

The released files include configuration backups for IT management software, and logs for monitoring and auditing tools. Backups from Citrix appliances were also disclosed, leading to speculation that the LockBit ransomware might have exploited the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966), for which a proof-of-concept exploit code was published on October 24. Boeing confirmed the cyberattack but did not provide any additional information about the incident or how the hackers managed to breach its network.

LockBit is a resilient ransomware-as-a-service (RaaS) operation, having been active for over four years and victimizing thousands across various sectors. The list of victims includes Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland. In June, the U.S. government reported that the gang had extorted approximately $91 million since 2020 in nearly 1,700 attacks against various organizations in the country. However, the gang's operations are not limited to the U.S. In August, the Spanish National Police issued a warning about a phishing campaign targeting architecture firms in the country to encrypt systems with LockBit’s locker malware.

Related News

• Citrix Urges Immediate Patching of NetScaler CVE-2023-4966 Vulnerability Amid Ongoing Attacks
• Citrix NetScaler Vulnerability Exploited as Zero-Day since August
• Critical Vulnerability Detected in Citrix NetScaler Devices Could Expose Sensitive Information

Latest News

• CISA Adds Five Juniper Vulnerabilities to Known Exploited Vulnerabilities Catalog
• Zero-Day Alert: SysAid IT Support Software Vulnerability Exploited by Lace Tempest
• CISA Alerts on Active Exploitation of SLP Vulnerability Enabling High-Impact DoS Attacks
• Veeam Addresses Multiple Vulnerabilities in Veeam ONE Platform
• Critical Atlassian Confluence Vulnerability Exploited in Cerber Ransomware Attacks