A huge hoard of Boeing data leaked by LockBit ransomware

Negotiations between aero giant and hackers broke down

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The operators of the LockBitransomwarehave published 43GB of Boeing data after failing to negotiate ransom terms with the company.

The data seems to be backups from different company systems and includes configuration backups for IT management software and logs for monitoring and auditing tools.

As reported byBleepingComputer, LockBit first added Boeing to its data leak site on October 27 and urged the company to reach out and negotiate a ransom payment by November 7.

Reader Offer: $50 Amazon gift card with demoPerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Ignored warnings

“A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do not contact within deadline,” the hackers warning read. “For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”

Soon after, Boeing disappeared from LockBit’s site,  which could mean that the company did try to come to an understanding with the attackers. However, come November 7, Boeing’s name was back. LockBit said its warnings were ignored:

“Boeing ignored our warnings. We will start to publish data,” the updated announcement reads. “In first batch we will publish just around 4GB of sample data (most recent).” That data had an October 22 timestamp, the publication explained.

Three days later, the entire database leaked. Roughly 43GB of sensitive information, which included backups from Citrix appliances. This led some people to speculate that LockBit infiltrated Boeing by exploiting the CitrixBleed vulnerability, which was discovered roughly a month ago and was observed being abused in the wild.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

In fact, cybersecurity researchers from Mandiant recently reported that various government institutions, legal organizations, and other firms across the world were being targeted with ransomware via CitrixBleed. The campaigns allegedly started in late August this year.

Boeing confirmed the breach but did not discuss the details.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

3 reasons why PIA fell in our best VPN rankings

I’ve covered Black Friday for eight years and these are the deals I’d buy from the early sales