Boeing, the aerospace and defense giant, is evaluating allegations by the ransomware group LockBit that a substantial amount of sensitive data was stolen from the company, according to multiple sources.
LockBit, a prominent ransomware-as-a-service (RaaS) group, posted a notice on its leak site, warning that sensitive data had been exfiltrated and was poised for publication unless Boeing initiated contact within the stipulated deadline. The notice read, “Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline! For now, we will not send lists or samples to protect the company, but we will not keep it like that until the deadline.”
Boeing is facing a deadline of November 2 to pay an undisclosed ransom to prevent the potential release of the data into the public domain. In response to the situation, a Boeing spokesperson informed Reuters that they are in the process of assessing the claim made by LockBit.
LockBit is widely recognized as one of the most successful RaaS groups in operation. In a joint alert issued by allied security agencies in June, LockBit was identified as the most deployed ransomware variant of 2022, with an estimated 1,700 attacks occurring in the US since 2020. The agencies also estimated that LockBit had accumulated approximately $91 million from US victims alone since January 2020.
Hüseyin Can Yuceel, a researcher at Picus Security, pointed out that Boeing’s response in the coming days would largely depend on the quality of the exfiltrated data. Boeing may choose to negotiate with LockBit or disregard the ransom demands. Yuceel emphasized that LockBit is a financially motivated ransomware group known to provide decryption keys after the ransom is paid. However, he cautioned that organizations should remember they are dealing with criminals, and there is always a risk that they may not recover their files even if the ransom is paid. Furthermore, he noted that paying a ransom to ransomware groups is illegal in many countries. Yuceel advised organizations infected with ransomware to contact their respective countries’ cybersecurity agencies, such as CISA, NCSC, and JPCERT, as the best course of action.