LockBit ransomware gang claims it leaked stolen Boeing data

LockBit published data allegedly stolen from Boeing after the ransomware gang claimed an attack against the aircraft manufacturing giant late last month.

LockBit, a notorious and prolific ransomware gang, claimed responsibility for an attack against Boeing on Oct. 27 when it listed the company on its data leak site. A ransom deadline of Nov. 2 was posted at the time, only for Boeing's name to be removed from the leak site shortly after. The company was listed again on the leak site several days later, with a new ransom deadline of Nov. 10. It's unclear why Boeing was temporarily removed from the LockBit leak site, but ransomware gangs typically remove listings for companies that either paid the ransom or were at least negotiating with the gang.

On Friday LockBit published a message to its leak site along with approximately 4 GB of data allegedly belonging to Boeing. "Boeing ignored our warnings. We will start to publish data. In [the] first batch we will publish just around 4GB of sample data (most recent)," LockBit's site read. "In [a] few days we will publish the databases if we do not see a positive cooperation from Boeing."

Following the release of the sample data, LockBit later published the entire cache of alleged Boeing data, which security researchers estimated to be around 40 GB.

TechTarget Editorial reached out to Boeing to confirm whether it had suffered a ransomware attack and whether the stolen data appeared legitimate. The company only confirmed that it "recently experienced a cybersecurity incident" and that it was aware of LockBit's claims.

"Elements of Boeing's parts and distribution business recently experienced a cybersecurity incident," a Boeing spokesperson said. "We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities and potentially impacted parties, as appropriate."

The spokesperson continued, "We remain confident this incident poses no threat to aircraft or flight safety."

In an email, Emsisoft threat analyst Brett Callow referenced LockBit's claimed attacks against Boeing and the U.S. arm of the Industrial and Commercial Bank of China, and pushed for governments to impose stricter ransomware countermeasures.

"The fact that a ransomware operation was able to successfully attack one of the largest banks and one of the largest defense contractors is obviously a concern," he said. "If multibillion-dollar companies cannot secure their networks, what chance do cash-strapped school districts have? Governments really do need to rethink their counter-ransomware strategies and, in particular, consider either banning ransom payments completely or significantly restricting the circumstances in which they can be paid."

References to Boeing remain present on LockBit's leak site at press time. It's unclear what the ransom demand was.

Alexander Culafi is an information security news writer, journalist and podcaster based in Boston.