After Boeing declines to pay up, ransomware group leaks 45 GB of data

Ransomware hackers warned aircraft industry giant Boeing they were going to leak data if their price wasn’t met—and on November 10, they did just that, publishing nearly 45 gigabytes of company data online.

LockBit, a Russia-linked hacking gang, claimed responsibility for the attack on Oct. 27. “Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!” the gang posted on its data leak site. As IT Brew has reported, ransomware has been a major problem in 2023, and gangs are now able to deploy malware quicker than ever.

Boeing acknowledged the hack the same day. In a Nov. 2 email to Cybersecurity Dive, the company said that it was “aware of a cyber incident impacting elements of our parts and distribution business,” but “this issue does not affect flight safety.”

After the deadline came and went, LockBit followed through on its threat, posting a large amount of company information online. The leak included cloud computing company Citrix files, security controls, email backups, and more. Cybersecurity analyst Dominic Alvieri told The Register that corporate emails were included in the leak.

“I haven’t gone over the whole data set but Boeing emails and a few others stand out as useful for those with malicious intent,” Alvieri said.

MalwareHunter Team reviewed the leak and suggested it likely came from Aviall, the parts distributor Boeing purchased in 2006. Because of 17 years of Aviall integration with Boeing systems, MalwareHunter Team opined that the severity of the breach could be worse than is already known.

“Question is how much the networks of the companies got merged in the past 17 years,” the team tweeted. “Because if not too much & LockBit really only pwned the networks of Aviall, the problem is not very much bad, ‘simply’ bad for Boeing.”