Boeing recently confirmed that in October 2023, it fell victim to an attack by the LockBit ransomware gang, which disrupted some of its parts and distribution operations. The attackers demanded a whopping $200 million not to release the data they had exfiltrated.
On Wednesday, Boeing admitted it was the company described as the "multinational aeronautical and defense corporation headquartered in Virginia" in a recently unsealed U.S. Department of Justice indictment. This indictment revealed the identity of the LockBitSupp administrator.
The indictment accused Dmitry Yuryevich Khoroshev (Picture with $10M award) of being the primary administrator and developer of the LockBit ransomware, as part of a global crackdown involving sanctions from the U.S., U.K., and Australia.
Boeing’s LockBit Ransomware Ordeal
LockBit initially named Boeing as a victim on its website on October 27, setting a November 2 deadline for ransom payment. At that time, Boeing opted not to comment on the matter, leaving LockBit's claims unconfirmed.
LockBit removed Boeing from its list of victims three days later, sparking speculation that the situation was either a hoax or that a ransom had been paid. However, Boeing later confirmed that it had indeed been targeted by LockBit.
After apparent failure in ransom negotiations, LockBit once again listed Boeing and threatened to release 4 gigabytes of data as a sample of what had been stolen, with a warning that more would soon be published.
Continuing with their threat, LockBit released over 40GB of data on November 10, suggesting that Boeing had not conceded to the ransom demands. Boeing has yet to make a public statement regarding the stolen data.
Data shared by LockBit actors indicates the group may have exploited CVE-2023-4966 — a recently disclosed vulnerability known colloquially as “Citrix Bleed” — in its attack on Boeing. Several cybersecurity experts praised Boeing for refusing to the ransom.
Skyrocketing Ransom Demands
The indictment emphasizes the excessive ransom amounts demanded by Khoroshev and his group, which have extorted over $500 million from their victims since late 2019. Khoroshev's share of nearly $100 million has been reinvested into sustaining and expanding the LockBit operations.
Analysts now view the ransom demand made to Boeing as one of the highest ever from a ransomware gang, suggesting LockBit was likely testing the waters with no real expectation of receiving the full amount.
From September 2019 to February 2024, Khoroshev escalated LockBit into a significant global criminal enterprise, targeting roughly 2,500 victims, including nearly 1,800 in the U.S., according to the indictment.
LockBit’s extensive victim list includes not only companies like Boeing but also law enforcement agencies, security firms, municipalities, schools, financial organizations, and even multinational fast-food chains.
Understanding the LockBit Ransomware Gang
Originating in 2019, the LockBit ransomware gang primarily attacks global corporations, especially those based in the U.S., and is linked to Russian entities. The gang has accumulated tens of millions in ransom payments.
The CISA notes that LockBit has carried out over 1700 attacks in the U.S., often by hijacking and threatening to leak sensitive data for financial gain.
The recent attack on Boeing underscores the ongoing threat of cyberattacks to major businesses. LockBit’s aggressive approach and specific targeting of a leading aerospace and defense player underscore the critical need for enhanced cybersecurity defenses.
The downtime and huge loss of time caused by ransomware groups like LockBit underline the severe implications of data breaches and the vital importance of these three things: 1) patching vulnerabilities, 2) security awareness training, and 3) using phishing-resistant MFA.
Here's how it works:
