LONDON (Reuters): Internal data from Boeing, one of the world’s largest defence and space contractors, was published online on Friday by Lockbit, a cybercrime gang which extorts its victims by stealing and releasing data unless a ransom is paid.
The hackers in October said they had obtained “a tremendous amount” of sensitive data from the aerospace giant and would dump it online if Boeing didn’t pay a ransom by Nov. 2.
According to a post on Lockbit’s website, the data from Boeing was published in the early hours of Friday morning. The files, which Reuters has not independently verified, mostly date to late October.
In a statement, Boeing confirmed that “elements” of the company’s parts and distribution business had experienced a cybersecurity incident.
“We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” Boeing said. “We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate.”
The company said it “remains confident” the event does not pose a threat to aircraft or flight safety, but declined to comment on whether defense or other sensitive data had been obtained by Lockbit.
Lockbit ransomware, first seen on Russian-language-based cybercrime forums in January 2020, has been detected all over the world, with organisations in the United States, India and Brazil among common targets, cybersecurity firm Trend Micro said last year.
It called the group “one of the most professional organised criminal gangs in the criminal underground”.
The group has hit 1,700 U.S. organisations, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
On Thursday, the Industrial and Commercial Bank of China’s (ICBC) U.S. arm was hit by a ransomware attack that disrupted trades in the U.S. Treasury market.
Several ransomware experts and analysts said Lockbit was believed to be behind the hack, although the gang’s dark web page, where it typically posts names of its victims, did not mention ICBC.
