[Must Read] How Boeing Battled a Whopping $200M Ransomware Demand



Boeing recently confirmed that in October 2023, it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated.

On Wednesday, Boeing admitted it was the company described as the "multinational aeronautical and defense corporation headquartered in Virginia" in a recently unsealed U.S. Department of Justice indictment. This indictment revealed the identity of the LockBitSupp administrator.

The indictment accused Dmitry Yuryevich Khoroshev (Picture with $10M award) of being the primary administrator and developer of the LockBit ransomware, as part of a global crackdown involving sanctions from the U.S., U.K., and Australia.

Boeing’s LockBit Ransomware Ordeal

LockBit initially named Boeing as a victim on its website on October 27, setting a November 2 deadline for ransom payment. At that time, Boeing opted not to comment on the matter, leaving LockBit's claims unconfirmed.

LockBit removed Boeing from its list of victims three days later, sparking speculation that the situation was either a hoax or that a ransom had been paid. However, Boeing later confirmed that it had indeed been targeted by LockBit.

After an apparent failure in ransom negotiations, LockBit once again listed Boeing and threatened to release 4 gigabytes of data as a sample of what had been stolen, with a warning that more would soon be published.

Continuing with their threat, LockBit released over 40GB of data on November 10, suggesting that Boeing had not conceded to the ransom demands. Boeing has yet to make a public statement regarding the stolen data.

Data shared by LockBit actors indicates the group may have exploited CVE-2023-4966 — a recently disclosed vulnerability known colloquially as “Citrix Bleed” — in its attack on Boeing. Several cybersecurity experts praised Boeing for refusing to pay the ransom.

Skyrocketing Ransom Demands

The indictment emphasizes the excessive ransom amounts demanded by Khoroshev and his group, which have extorted over $500 million from their victims since late 2019. Khoroshev's share of nearly $100 million has been reinvested into sustaining and expanding the LockBit operations.

Analysts now view the ransom demand made to Boeing as one of the highest ever from a ransomware gang, suggesting LockBit was likely testing the waters with no real expectation of receiving the full amount.

From September 2019 to February 2024, Khoroshev escalated LockBit into a significant global criminal enterprise, targeting roughly 2,500 victims, including nearly 1,800 in the U.S., according to the indictment.

LockBit’s extensive victim list includes not only companies like Boeing but also law enforcement agencies, security firms, municipalities, schools, financial organizations, and even multinational fast-food chains.

Understanding the LockBit Ransomware Gang

Originating in 2019, the LockBit ransomware gang primarily attacks global corporations, especially those based in the U.S., and is linked to Russian entities. The gang has accumulated tens of millions in ransom payments.

CISA notes that LockBit has carried out over 1,700 attacks in the U.S., often by hijacking and threatening to leak sensitive data for financial gain.

The recent attack on Boeing underscores the ongoing threat of cyberattacks to major businesses. LockBit’s aggressive approach and specific targeting of a leading aerospace and defense player underscore the critical need for enhanced cybersecurity defenses.

The downtime and huge loss of time caused by ransomware groups like LockBit underline the severe implications of data breaches and the vital importance of these three things: 1) patching vulnerabilities, 2) security awareness training, and 3) using phishing-resistant MFA. 


RanSim

Free downloadable software tool

Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

RanSim gives you a quick look at the effectiveness of your existing network protection. RanSim will test 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

Here's how it works:

  • 100% harmless simulation of real ransomware and cryptomining infections
  • Does not use any of your own files
  • Tests 25 types of infection scenarios
  • Just download the installer and run it
  • Results in a few minutes!

Get RanSim!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/ransim
