Ransomware group LockBit leaked data allegedly belonging to Boeing on Friday, about a week after the aerospace giant confirmed it had fallen victim to a cyberattack. The leak includes more than 43GB of backup files that LockBit says it stole from Boeing, according to Bleeping Computer.
As of Monday afternoon, the Boeing services website remained out of order. A notice posted to the site acknowledged a cyber incident affecting Boeing’s parts and distribution business, but reiterated that it did not impact the safety of its aircrafts. “In connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” a Boeing spokesperson told Engadget. “We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate.”
The saga started on October 27 when LockBit listed Boeing as a victim on its website, saying that the company had until November 2 to negotiate a payment. While LockBit briefly removed Boeing from its list of victims on its website, the ransomware gang returned on November 7 stating that Boeing had ignored its attempts to negotiate. LockBit initially threatened to release 4GB of sample data before it decided to leak all of the data it had stolen on November 10.
The Boeing backup data released by LockBit includes configuration data for IT management software, auditing and monitoring logs and some Citrix information believed to be connected to a previous exploit.
LockBit has grown into a notorious ransomware gang since its first appearance on Russian cybercrime forums in January 2020. There have been about 1,700 attacks in the US linked to LockBit, with companies paying about $91 million in ransoms to the gang, according to the FBI. Victims include the Chinese bank ICBC, chip giant Taiwan Semiconductor Manufacturing Company and Canadian book seller Indigo Books and Music, among others.