Aerospace giant Boeing says it was hit by a cyber incident that impacted elements of its parts and distribution business. The US company said it was investigating a claim by the Lockbit ransomware gang that it had stolen “a tremendous amount” of sensitive data from Boeing and threatened to publish it online if Boeing didn’t contact them to negotiate a ransom.
Boeing’s part and distribution business, which falls under its global services division, provides material and logistics support to customers. The company said it is assessing the incident and cooperating with a law enforcement probe. The announcement came days after the Lockbit cybercrime gang, ranked last year’s most active ransomware group based on its number of victims, claimed Boeing as its latest conquest on its dark leak site.
The threat to publish the Boeing data was accompanied by a demand for payment of $80 million in bitcoins. The company did not pay the ransom and instead notified a law enforcement agency, according to the statement.
Malware researchers vx-underground, which first reported the threat, said it had spoken to members of the Lockbit gang about the breach, and they told them the hack happened using a zero-day exploit (a flaw in software that hackers can take advantage of to get into a system). The attackers didn’t say what kind of data was exfiltrated from Boeing or whether any information was customer-based. Boeing has billion-dollar contracts with the Department of Defense, and in 2021, nearly 49% of its revenue was from those government-based deals.
Interestingly, Boeing was delisted from the Lockbit leak site on Wednesday, and it didn’t immediately respond to a request for comment about that. A delisting on the gang’s blog can signify that the victim organization has started negotiations or even agreed to pay the ransom, Reuters notes.
The cyberattack appears to have affected Boeing systems across the globe, with a spokesman telling Reuters that customers in all regions had been impacted. The company said it was working to restore affected systems without disrupting operations. It also promised to conduct a thorough forensic investigation and cooperate with authorities, he said.
Experts have warned that companies should never agree to pay ransom to cybercriminal gangs in hopes of keeping their data from being leaked. The gangs often sell data to other criminals or use it for other malicious purposes, they said. In the case of Boeing, if any military-related data is lost in the hack, it could have profound implications, analysts said.
Boeing’s parts and distribution business includes a unit that produces the engines for the country’s Air Force One presidential plane. The company’s 737 and 747 passenger jets are also manufactured in the US, along with military aircraft and satellites. The company employs more than 150,000 worldwide. Its annual revenues are about $75 billion. In addition to the aviation industry, Boeing’s other primary business is manufacturing and selling military weapons and equipment.