Aerospace giant Boeing says it is “assessing” claims by a notorious ransomware group that it has stolen a “tremendous amount” of sensitive data from the firm, according to reports.
The US aircraft and defense manufacturer was forced to respond after a new entry appeared on the leak site of LockBit, one of the most prolific ransomware-as-a-service (RaaS) groups operating today.
“Sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!” it noted. “For now we will not send lists or samples to protect the company but we will not keep it like that until the deadline.”
Boeing has until November 2 to pay an undisclosed ransom, or it will risk this data ending up in the public domain.
“We are assessing this claim,” a Boeing spokeswoman told Reuters.
Read more on LockBit: LockBit Dominates Ransomware Campaigns in 2022: Deep Instinct
LockBit is one of the most successful RaaS groups around. An alert from allied security agencies in June claimed it was the most deployed ransomware variant of 2022 and accounted for around 1700 attacks in the US since 2020.
The agencies claimed LockBit had made an estimated $91m from US victims alone since January 2020.
Picus Security researcher, Hüseyin Can Yuceel, argued that the quality of the exfiltrated data will determine Boeing’s response in the coming days – whether it negotiates with LockBit or dismisses its demands.
“LockBit is a financially motivated ransomware group that is well known to provide the decryption key after the ransom is paid. Were that not the case, they could not operate their ransomware business,” he added.
“However, organizations should know that they are dealing with criminals, and there is always a risk that they may not recover their files even if the ransom is paid. Paying ransom to ransomware gangs is also illegal in many countries. The best option for organizations infected with ransomware is to contact their countries’ cybersecurity agencies, such as CISA, NCSC, and JPCERT.”