In a world where cyber threats loom large, even the most prominent global entities aren’t immune to cyber criminals. The latest victim claimed by the notorious LockBit ransomware gang is Boeing, the aerospace giant, commercial jetliner manufacturer, and a significant player in the US military and defence sector. The claim, which came to light on a dark web leak site, has sent shockwaves through the cyber security community.

LockBit’s Bold Claim

The LockBit ransomware group, known for its Russian connections and a history of relentless attacks, proudly announced Boeing as its latest conquest on a Friday afternoon. The revelation appeared around 2 p.m. ET on its dark leak site, leaving the world stunned. Boeing, however, responded to these claims cautiously, stating, “We are assessing this claim,” just after 4:40 p.m. ET, according to a spokesperson for the company.

LockBit, not one to mince words, warned that it had a substantial amount of sensitive data at its disposal, and it vowed to publish it unless Boeing reached out to them by a November 2nd deadline, set at 1:23 pm UTC – a mere six days from the day of their claim. In a menacing tone, LockBit declared, “For now, we will not send lists or samples to protect the company, BUT we will not keep it like that until the deadline.” The group left no room for ambiguity, stating, “All available data will be published!”

While LockBit has not revealed the precise volume of data allegedly stolen from Boeing, they did peg the combined worth of the company and its subsidiaries at a staggering $60 billion. This aviation and space technology juggernaut is a global leader, involved in the development, manufacturing, selling, servicing, and support of commercial jetliners, military aircraft, satellites, missile defence, human space flight, and launch systems and services worldwide.

According to experts in malware research, LockBit claims they have yet to establish communication with Boeing, and they’ve remained tight-lipped about the nature of the data they may have exfiltrated. The attackers asserted that they gained access through a zero-day exploit but provided no further details about this supposed vulnerability.

Ransomware Negotiation Time Frame

What’s intriguing about this situation is that LockBit extended a mere six-day window for negotiations, which is notably shorter than the customary ten days that victims are typically given to contact cyber criminals.

In a rather mysterious twist, Boeing was delisted from LockBit’s dark web blog sometime between October 30 and October 31. Such removal from the dark web blog often implies that negotiations might be underway or that the company has agreed to meet the demands of the criminals.

We’ve reached out to Boeing for clarification regarding their removal from the dark web blog, and we await their response.

Meet LockBit

LockBit made its debut on the ransomware scene in late 2019, and since then, it has risen to the top of the cybercriminal hierarchy. Their reach extends across the United States and around the globe, with victims spanning Asia, Europe, and Africa.

The group’s ransomware is now in its third iteration, LockBit 3.0 (or LockBit Black), widely regarded as the most evasive version to date, according to a report by the US Department of Justice. This variant shares some similarities with other Russian-linked ransomware strains, including BlackMatter and BlackCat (ALPHV).

Affiliates deploying LockBit 3.0 utilize various methods to infiltrate victim networks, such as RDP exploitation, drive-by compromises, phishing campaigns, abuse of valid accounts, and the exploitation of public-facing applications, as highlighted in the DOJ report.

The group has reportedly amassed tens of millions of dollars in ransom payments, all collected in Bitcoin. However, their operations are not without challenges.

A profile by chief security analyst Jon DiMaggio of Analyst1 revealed that LockBit has been grappling with internal management issues, which have caused the group to fail to publish stolen data as promised in its threats to victims. Instead, it has been relying on its infamous reputation and empty threats to persuade victims to pay its ransom demands.

As the cyber security world closely watches this unfolding drama, one can only hope for a peaceful resolution that protects Boeing and its invaluable data.
