LockBit group releases 50 GB of stolen Boeing data following ransom rebuff

The LockBit ransomware group has reportedly published about 50 GB of data records it stole from aerospace giant Boeing’s network in late October.

The prolific Russia-affiliated LockBit ransomware group listed the global aerospace giant as a victim on its data leak site on 27th October, stating that it stole “tremendous amounts of sensitive data” from the company’s servers and gave the company five days to pay a ransom to recover the data.

The ransomware group did not share any sample data to validate its claims apparently to “protect the company”, but promised that it will publish the same once the deadline expires.

 

Ransomware research firm "MalwareHunterTeam" announced on Friday that the LockBit group released certain files it stole from Boeing’s systems after the ransom payment deadline expired. Malware researcher Dominic Alvieri opined that the group possibly exploited a Citrix Bleed vulnerability, assigned CVE-2023-4966, to infiltrate Boeing’s network and exfiltrate data.

 

After LockBit released the stolen files on its leak site, Boeing said it was aware of the group’s recent activities and is investigating the incident with assistance from US federal law enforcement authorities.

“Elements of Boeing’s parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” the company said.

“We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety.”

Based on recent reports, it appears Boeing initially engaged with the ransomware actors and explored the possibility of paying a ransom before breaking off contact with the group. In early November, malware research firm vx-underground said the LockBit group removed Boeing from its list of victims after the aviation giant agreed to negotiate with the hackers.

“We keep getting pinged. Yes, Boeing has been removed from Lockbit ransomware groups website. Lockbit administrative staff informed us they removed Boeing because negotiations have begun. We don’t know anything else,” vx-underground said.