It would seem that the global leader in aerospace, Boeing, is the most recent victim of the ransomware gang known as LockBit, which has ties to Russia.
On Friday, the gang claimed on its dark web leak site that it had broken into the aerospace business and taken a significant quantity of sensitive data from the company’s computer systems. The organisation declared its breach of the company’s security on Friday. LockBit has threatened to make the data public if Boeing does not comply with their requests by November 2nd, the timeframe for which has been set.
“Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!” according to the organisation. “For now, we will not send lists or samples to protect the company, BUT we will not keep it like that until the deadline.”
The hackers did not indicate the quantity of data that was taken from Boeing, nor did they reveal the precise ransom sum that they are seeking.
A group of malware researchers known as Vx-underground claimed that they had a conversation about the attack with the founders of LockBit.
They were informed by the attackers that they had not yet been in contact with Boeing, and the attackers declined to identify the kind of material that was stolen. They stated that they were able to get into the organisation using a zero-day attack, but they did not give any other information about this security flaw.
Notably, LockBit has offered Boeing with an unusually limited window for talks of six days, when victims are normally given 10 days in which to communicate with the hackers who have targeted them. A spokeswoman for Boeing indicated to Reuters that the firm is taking the incident seriously by stating that they are evaluating the attacker’s allegation and that they are currently doing so.
Given Boeing’s extensive involvement with military clients and the fact that the company is currently in the process of building a new pair of heavily modified 747-8 planes to serve as the next Air Force One, the official transport for the US President, the potential implications of this alleged hack are significant.
LockBit is notorious for its strategy of using ransomware to lock down the computer systems of target businesses while simultaneously obtaining sensitive data for the aim of blackmailing the organisations. Since it first appeared in January 2020, the LockBit ransomware has been linked to over 1,700 cyberattacks on organisations in the United States, as reported by the Cybersecurity and Infrastructure Security Agency (CISA) of the United States.
The fact that the LockBit gang has received a large quantity in ransom payments from businesses located in the United States is one of the details that is especially concerning. The fact that the gang has been paid a ransom of around 91 million dollars by businesses based in the United States adds to the mounting worries over the monetary effect of such attacks.
Affiliates are recruited to carry out ransomware attacks using LockBit ransomware tools and infrastructure as part of the LockBit ransomware operation, which runs as a Ransomware-as-a-Service (RaaS) model. Attacks using the LockBit ransomware are quite variable in terms of the observed tactics, methods, and procedures (TTPs) this is because the operation is comprised of a huge number of disconnected affiliates. “Organisations that are working to maintain network security and protect against a ransomware threat face a significant challenge as a result of this variation in observed ransomware TTPs,” warned CISA.
A new level of complication has been added to the continuing fight against cybercrime as a result of the most recent threat to Boeing. In order to satisfy the demands of the LockBit gang, Boeing must first overcome the formidable obstacle presented by the fact that the aerospace sector is largely dependent on confidential and private data. The event serves as a clear reminder of the ever-present risk posed by ransomware attacks and the need for businesses to maintain vigilance in protecting their data and systems from cybercriminals who are becoming more adept.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.