30 October 2023

Boeing investigates LockBit’s claims of data theft


Boeing investigates LockBit’s claims of data theft

US aerospace and defense giant The Boeing Company is investigating a claim made by a LockBit ransomware gang that it had stolen “a tremendous amount of sensitive data” from the firm, which they threaten to leak if a ransom is not paid until November 2, 2023.

A LockBit admin told the vx-underground malware research team that the group has yet to contact Boeing about the theft and refused to further elaborate on the matter, so it’s not clear for how long the gang had access to Boeing’s systems, how much information was stolen or what kind of data was exfiltrated.

LockBit claimed their ransomware affiliate got access to the company’s systems by exploiting a zero-day vulnerability, but provided no further details on the exploit.

“We are assessing this claim,” a Boeing spokesperson said.

First observed in 2019, the LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. LockBit has gained notoriety for its sophisticated and ruthless strain of ransomware. It infiltrates computer systems, encrypts sensitive data, and demands hefty ransoms.

LockBit attacks typically employ a double extortion tactic to encourage victims to pay, first, to regain access to their encrypted files and then to pay again to prevent their stolen data from being posted publicly

In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023.

 

Back to the list

Latest Posts

FIN7 cybercrime gang offers new EDR bypass tool on dark web

FIN7 cybercrime gang offers new EDR bypass tool on dark web

AvNeutralizer is being advertised for prices ranging between $4,000 and $15,000 on various cybercrime forums.
17 July 2024
Critical Apache HugeGraph vulnerability exploited in the wild

Critical Apache HugeGraph vulnerability exploited in the wild

Users are strongly recommended to upgrade to the fixed version as soon as possible.
17 July 2024
TAG-100 cyberspies target Citrix, F5, Cisco appliances in at least 10 countries

TAG-100 cyberspies target Citrix, F5, Cisco appliances in at least 10 countries

The threat actor has employed the Go-based backdoors Pantegana and SparkRAT for post-exploitation.
17 July 2024