LockBit ransomware threat looms for Boeing

Nov. 3, 2023
The cyber attackers specifically targeted Boeing Services, the company’s parts and distribution business.

This story originally appeared in IndustryWeek.

Boeing may suffer serious consequences with the release of critical data if it doesn't pay a ransomware demand from one of the world's most prolific ransomware variants.

The LockBit ransomware gang, according to BleepingComputer, announced Oct. 27 on the group’s darkweb site the theft of “a tremendous amount of sensitive data” from Boeing and threatened to publish the information if the world's second-largest airplane maker contacted LockBit by Nov. 2.

The cyberattackers specifically targeted Boeing Services, the company’s parts and distribution business, reported IndustryWeek, a sister publication of SecurityInfoWatch..

“Organizations such as [Boeing] have a tremendous amount of intellectual property that spans both commercial and military industries, and the theft of that information and threat to leak it publicly could be a significant issue for the company and any impacted military services. These cyber criminals know this and use it to their advantage to request what is often a huge ransom from the victims,” Erich Kron, security awareness advocate at cybersecurity company KnowBe4, tells IndustryWeek.

Boeing has confirmed the company is assessing LockBit’s claim, cooperating with law enforcement and regulatory agencies and notifying customers and suppliers.

As of today, the Boeing Services website displays notice that the website is down for technical issues and that the incident has no effect on the safety of flight. Also according to BleepingComputer, notice about the hack and contact deadline no longer appears on LockBit’s darkweb site.

“Generally speaking, the attackers will guarantee that the information is deleted if the ransom is paid; however, that simply means we have to trust the very criminals that broke into our systems, stole the data, and oftentimes disrupted critical business to do as they promise,” says Kron.

“When it comes to extremely valuable information, such as potentially sensitive information about military equipment, the odds are pretty good that other nation states will be willing to pay a significant amount for this information and the victim would never know it has been sold,” he adds.

The LockBit group, believed to be based in Russia, is responsible for a number of high-profile hacks including the Port of Nogoya in Japan, from which Toyota Motor Corporation ships parts and vehicles, that the gang hacked in July.

The Cybersecurity and Infrastructure Security Agency (CISA) identified LockBit as the most deployed ransomware variant in the world in 2022 that “continues to be prolific” in 2023.