[This article originally ran Nov. 2, 2023.]
- Update: Nov. 13, 2023: Malware gang LockBit has followed through with its threat to release data stolen from Boeing. On November 7, the hackers reiterated via their dark web site that the data would be published if they did not "see a positive cooperation from Boeing."
- The stolen files, published on November 10, comprise 43 GB of data that, according to BleepingComputer, includes "config backups for IT management software, logs for monitoring and auditing tools."
- "Refusing to pay a ransom is the right thing to do. If everyone followed Boeing’s path, ransomware ROI would become an uneconomical vector, and eventually cease to exist," Dror Liwer, co-founder of cybersecurity firm Coro, tells IndustryWeek.
Hackers may release critical data from the world's second-largest airplane maker if Boeing doesn't pay up soon.
Last Friday, October 27, according to BleepingComputer, the LockBit ransomware gang announced on the group’s dark web site the theft of “a tremendous amount of sensitive data” from Boeing and threatened to publish the information unless Boeing contacted LockBit by November 2.
The cyberattackers specifically targeted Boeing Services, the company’s parts and distribution business.
“Organizations such as [Boeing] have a tremendous amount of intellectual property that spans both commercial and military industries, and the theft of that information and threat to leak it publicly could be a significant issue for the company and any impacted military services. These cyber criminals know this and use it to their advantage to request what is often a huge ransom from the victims,” Erich Kron, security awareness advocate at cybersecurity company KnowBe4, tells IndustryWeek.
Boeing has confirmed the company is assessing LockBit’s claim, cooperating with law enforcement and regulatory agencies and notifying customers and suppliers.
As of today, the Boeing Services website displays a notice that the website is down for technical issues and that the incident has no effect on the safety of flight. Also according to BleepingComputer, the notice about the hack and contact deadline no longer appears on LockBit’s dark web site.
“Generally speaking, the attackers will guarantee that the information is deleted if the ransom is paid; however, that simply means we have to trust the very criminals that broke into our systems, stole the data, and oftentimes disrupted critical business to do as they promise,” says Kron.
“When it comes to extremely valuable information, such as potentially sensitive information about military equipment, the odds are pretty good that other nation states will be willing to pay a significant amount for this information and the victim would never know it has been sold,” he adds.
The LockBit group, believed to be based in Russia, is responsible for a number of high-profile hacks, including a July attack on the Port of Nagoya in Japan, from which Toyota Motor Corporation ships parts and vehicles.
The Cybersecurity and Infrastructure Security Agency (CISA) identified LockBit as the most deployed ransomware variant in the world in 2022, one that “continues to be prolific” in 2023.