Boeing, the aeroplane manufacturer and defence and space contractor, yesterday announced that it was investigating a “cyber incident” five days after ransomware group LockBit announced it had gained access to the company’s systems.
The cybercriminal group made the announcement on its leak site which was shared by cybersecurity analyst Dominic Alvieri on X.
Bad news for Boeing
— Dominic Alvieri (@AlvieriD) October 27, 2023
The post lists a 2 November deadline whereafter the group will publish the “tremendous amount of sensitive data” it stole if Boeing fails to meet its demands. The cybercriminal group claims it was able to access Boeing’s systems through a zero-day exploit.
In a statement made yesterday, Boeing said that the attack had affected its parts and distribution business but that flight safety was not affected.
Notably, the aerospace company didn’t mention anything to indicate it had paid the ransom amount or that it had contacted LockBit to negotiate. However, the threat post was no longer viewable on the group’s leak site yesterday evening, according to a Reuters report. That usually means one of those things has happened.
It’s possible the group’s website was hacked and the post removed or maybe it got cold feet after targeting one of the largest defence contractors in the world. But we very much doubt that last year’s most active ransomware group, which usually uses ransomware to cripple a victim’s systems but not before pinching sensitive files and documents for extortion purposes, is the nervous sort.
The typical response to these kinds of attacks is for the affected company to call the attacker’s bluff. Even if payment is made, there’s no guarantee the attacker will delete the stolen files and not just publish them anyway.
However, this particular incident may require a different approach due to the possibility of military or defence-related files being made public. That could be very bad. Certainly for Boeing, probably for the US Air Force, and possibly even for NASA.