The notorious LockBit ransomware gang has exposed stolen data from Boeing, a global aerospace giant catering to commercial airplanes and defense systems. 

The cyberattack highlights that a "tremendous amount of data" was leaked in the recent incident.

Ignored: Boeing's Stolen Files at Risk

(Photo: Jornada Produtora from Unsplash) LockBit hackers initially threatened Boeing that they would leak 4GB of files if the latter did not comply with its request. However, the aerospace firm refused to pay a ransom.

LockBit hackers issued warnings to Boeing, emphasizing the imminent public exposure of sensitive data. 

Based on Bleeping Computer's report, a staggering 43 GB of files, primarily system backups, were disclosed after Boeing declined to meet the ransom demands. The cybercriminals had initially threatened to unveil a 4GB sample if negotiations weren't initiated.

Related Article: Mac is Now Targeted by the LockBit Gang, New Ransomware Surfaces-Beware

Timeline of Tensions: Countdown to Data Release

Boeing faced a Nov. 2 deadline to engage in negotiations after the hackers posted the company on their site on Oct. 27. 

Despite a temporary disappearance from LockBit's victim list, Boeing reappeared on Nov. 7, with the hackers underscoring the company's disregard for their warnings. Frustrated with Boeing's silence, the ransomware gang released a portion of the stolen data on Nov. 10.

Content of the Data Dump

LockBit's data release includes configuration backups for IT management software, logs for monitoring and auditing tools, and backups from Citrix appliances. 

Speculation arose about the exploitation of the Citrix Bleed vulnerability (CVE-2023-4966), with proof-of-concept exploit code surfacing on October 24.

While Boeing confirmed the cyberattack, details surrounding the breach remain undisclosed. The aerospace giant refrained from providing insights into the incident or the breach's specifics. 

LockBit's Prolific Reign: A Global Menace

LockBit, a resilient ransomware-as-a-service operation active for over four years, boasts an extensive list of victims across sectors. 

Notable targets include the Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland. The U.S. government, in a June statement, disclosed that LockBit extorted approximately $91 million since 2020 through nearly 1,700 attacks on various U.S. organizations.

Highlighting its international reach, LockBit's influence extended to Spain in August, with a phishing campaign targeting architecture firms.

The campaign aimed to encrypt systems using LockBit's locker malware, thus it shows the global scope and adaptability of the ransomware operation.

The impact of LockBit was so vast that 40% of the total ransomware cases in August 2022 were attributed to hacked LockBit 3.0 accounts.

At that time, security experts believed that cyberattacks would persist to impact several industries in the world. The ransomware cases were initially projected to inflict damage exceeding $30 billion in 2023.

If the hackers were caught red-handed this time, they might just rebrand and resume the operations in another place and with another set of devices to use.

It appears that security awareness among companies might be weakening as seen in previous cyberattacks. The best way to address these cases is to have a strong mitigation plan to minimize the risk during the process.

Read Also: Australia's Major Ports Reopen After Being Paralyzed by Cyberattack