Impatient LockBit says it's leaked 50GB of stolen Boeing files after ransom fails to land
Aerospace titan pores over data to see if dump is legit
The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand.
The gang dumped the files online early Friday morning. This latest leak includes about 50GB of data in the form of compressed archives and backup files for various systems.
The full release comes after the extortionists uploaded some files said to be related to company finances and marketing activities as well as supplier details.
Screenshots of the stolen info showed several Citrix logs, which has led to some speculation that LockBit exploited Citrix Bleed to break into the defense contractor's systems. Boeing has so far refused to comment on the initial point of entry into its systems.
Neither data dump has been verified by The Register, and Boeing declined to answer specific questions about the incident or the stolen files. A spokesperson sent us this comment via email:
Elements of Boeing's parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety.
According to security researcher Dominic Alvieri, the files also contained corporate emails.
"I haven't gone over the whole data set but Boeing emails and a few others stand out as useful for those with malicious intent," Alvieri told The Register.
LockBit first listed the aircraft giant on its dark-web site on October 28, and on November 2 Boeing confirmed to The Register it had suffered an IT intrusion. At the time, a spokesperson said the break-in affected the manufacturer's parts and distribution business.
By then, however, the ransomware crew had removed Boeing from its leaks site and told the malware librarians at VX Underground that it was negotiating with the US corporation. It appears that the negotiations failed — or possibly the multinational determined that the criminals hadn't accessed any sensitive info, and thus it wouldn't pay to pay the extortion demand, or no talks ever actually took place — and Boeing is now back on the LockBit extortion website.
Also this week, China's largest bank, ICBC, was hit by a ransomware attack that disrupted financial services systems on Thursday Beijing time. LockBit told VX-Underground that it was responsible for this break-in, too. ®