Aerospace giant Boeing has confirmed that it is dealing with a “cyber incident,” following its recent listing on the leak site of the LockBit ransomware gang. The company’s spokesperson, Jim Prolux, stated that the attackers targeted certain aspects of Boeing’s parts and safety business. However, Prolux emphasized that the incident has no impact on flight safety. Boeing is currently in the process of investigating the incident and is working closely with law enforcement and regulatory authorities. The company is also taking steps to inform affected customers and suppliers.
Key Takeaway
Boeing has confirmed a cybersecurity incident after being targeted by the LockBit ransomware gang. The company is actively investigating the incident, cooperating with authorities, and informing affected parties. The incident has had no impact on flight safety. The U.S. government has previously sanctioned ransomware groups, making it illegal to pay them. Boeing has not disclosed whether it received a ransom demand or made any payments. This incident highlights the ongoing threat posed by ransomware attacks to large corporations and the importance of robust cybersecurity measures.
Confirmation of LockBit’s Claim
Boeing’s confirmation comes shortly after the Russia-linked LockBit ransomware gang claimed responsibility for a cyberattack against the company. This particular ransomware group has targeted approximately 1,800 victim systems globally since late 2019, as stated in a recent U.S. government advisory. LockBit issued a threat to publish a large amount of sensitive data supposedly stolen from Boeing if the company failed to meet a ransom demand by November 2. The listing has since been removed from LockBit’s website. Ransomware gangs commonly use such listings to extort companies, publishing the stolen files if the ransom is not paid. The removal of the listing suggests that negotiations or payment may have taken place, although Boeing has not confirmed this.
Government Sanctions and Ransomware Groups
The U.S. government has previously sanctioned Evil Corp, believed to be an affiliate of the LockBit ransomware group, making it illegal for businesses or individuals to pay the attackers. Paying ransoms to sanctioned hacking groups and ransomware gangs can violate U.S. law. When questioned, Boeing did not disclose whether it had received a ransom demand or whether any payments were made.
Malware research group VX-Underground claimed to have communicated with LockBit administrators, who allegedly stated that they had not yet contacted Boeing. VX-Underground also mentioned that the LockBit representative declined to provide specific details on the extent or type of data that was purportedly stolen from the company.
Boeing’s Past Cyber Incidents
Boeing has experienced cybersecurity incidents in the past. In 2022, its subsidiary Jeppesen, which provides navigational information and flight planning products, disclosed a cyber incident that resulted in disruptions to flight planning operations.