LockBit leaks Boeing files after failed ransom negotiations The Register

The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand. The gang dumped the files online early Friday morning. This latest leak includes about 50GB of data in the form of compressed archives and backup files for various systems. The full release comes after the extortionists uploaded some files said to be related to company finances and marketing activities as well as supplier details. Screenshots of the stolen info showed several Citrix logs, which has led to some speculation that LockBit exploited Citrix Bleed to break into the defense contractor's systems. Boeing has so far refused to comment on the initial point of entry into its systems. Neither data dump has been verified by The Register, and Boeing declined to answer specific questions about the incident or the stolen files. Elements of Boeing's parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety. According to security researcher Dominic Alvieri, the files also contained corporate emails. "I haven't gone over the whole data set but Boeing emails and a few others stand out as useful for those with malicious intent," Alvieri told The Register. LockBit first listed the aircraft giant on its dark-web site on October 28, and on November 2 Boeing confirmed to The Register it had suffered an IT intrusion. At the time, a spokesperson said the break-in affected the manufacturer's parts and distribution business. By then the ransomware crew had removed Boeing from its leaks site and told the malware librarians at VX Underground that it was negotiating with the US corporation. It appears that the negotiations failed - or possibly the multinational determined that the criminals hadn't accessed any sensitive info, and thus it wouldn't pay to pay the extortion demand, or no talks ever actually took place - and Boeing is now back on the LockBit extortion website. China's largest bank, ICBC, was hit by a ransomware attack that disrupted financial services systems on Thursday Beijing time. LockBit told VX-Underground that it was was responsible for this break-in, too.

This Cyber News was published on www.theregister.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to LockBit leaks Boeing files after failed ransom negotiations The Register

LockBit leaks Boeing files after failed ransom negotiations The Register - The LockBit crew is claiming to have leaked all of the data it stole from Boeing late last month, after the passenger jet giant apparently refused to pay the ransom demand. The gang dumped the files online early Friday morning. This latest leak ...
11 months ago Theregister.com
U.S. Joins U.K. to Seize LockBit Site, Disrupt Massive Ransomware Variant - The U.S. Department of Justice has partnered with the United Kingdom and international law enforcement partners in London today to announce the disruption of the LockBit ransomware group. The LockBit ransomware group is one of the most active ...
8 months ago Americansecuritytoday.com
Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit - For all its vaunted success, the LockBit ransomware operation appears to have already been beset by problems when an international law enforcement effort led by the UK's National Crime Agency shut it down this week. Though it's likely that the dozens ...
8 months ago Darkreading.com
Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates - U.S. and U.K. authorities have seized the darknet websites run by LockBit, a prolific and destructive ransomware group that has claimed more than 2,000 victims worldwide and extorted over $120 million in payments. Instead of listing data stolen from ...
8 months ago Krebsonsecurity.com
LockBit Ransomware Targets German Energy Agency Dena - Dena, the reputed German Energy Agency, is said to have fallen victim to the notorious LockBit ransomware group. The Dena cyberattack was revealed through a post on the threat actor's dark web platform, where they disclose data breach incidents and ...
10 months ago Heimdalsecurity.com
LockBit attacks continue via ConnectWise ScreenConnect flaws - Exploitation of two critical ConnectWise vulnerabilities continues to mount, with many attacks attributed to ransomware gangs such as LockBit. Last month, ConnectWise disclosed an authentication bypass vulnerability, tracked as CVE-2024-1708, that ...
7 months ago Techtarget.com
Police arrest four suspects linked to LockBit ransomware gang - Previous arrests of Lockbit ransomware actors (some of them already charged for various offenses) include Mikhail Pavlovich Matveev (aka Wazawaka) in May 2023, Artur Sungatov and Ivan Gennadievich Kondratiev (aka Bassterlord) in February 2024, and ...
1 month ago Bleepingcomputer.com
Boeing confirms attempted $200 million ransomware extortion attempt - The cybercriminals who targeted Boeing using the LockBit ransomware platform in October 2023 demanded a $200 million extortion payment, the company said Wednesday. Boeing confirmed to CyberScoop that it is the unnamed multinational aeronautical and ...
5 months ago Cyberscoop.com
Shimano's Cyber Siege: A Saga of Resistance Against Ransomware - Shimano Industries, a prominent Japanese multinational manufacturing company specializing in cycling components, fishing tackle, and rowing equipment, seems to have been hit by a massive data breach by the ransomware attacker LockBit, who has ...
10 months ago Cysecurity.news
Boeing assessing Lockbit hacking gang threat of sensitive data leak - SAN FRANCISCO, Oct 27 - Boeing Co said on Friday it was assessing a claim made by the Lockbit cybercrime gang that it had "a tremendous amount" of sensitive data stolen from the aerospace giant that it would dump online if Boeing didn't pay ransom by ...
11 months ago Reuters.com
LockBit claim about hacking U.S. Federal Reserve fizzles - The LockBit ransomware gang claimed it had breached the U.S. Federal Reserve, but it ultimately leaked data belonging to a single bank. On June 23, LockBit listed the U.S. Federal Reserve on its data leak site and claimed to have obtained roughly 33 ...
4 months ago Techtarget.com
Cops dismantled LockBit before latest variant hit market The Register - Law enforcement's disruption of the LockBit ransomware crew comes as the criminal group was working on bringing a brand-new variant to market, research reveals. As part of the daily LockBit leaks this week, Trend Micro's report on the group, ...
8 months ago Go.theregister.com
LockBit Ransomware Gang's Website Shut Down - The U.K. National Crime Agency's Cyber Division, the FBI and international partners have cut off ransomware threat actors' access to LockBit's website, which has been used as a large ransomware-as-a-service storefront. According to CISA, LockBit was ...
8 months ago Techrepublic.com
Boeing Starliner Set For 1 June Crewed Launch - Crewed flight of Boeing's Starliner planned to be final test to certify long-delayed vehicle for NASA flights to International Space Station. Boeing and NASA have scheduled the new date of Saturday, 1 June for the first manned test flight of Boeing's ...
5 months ago Silicon.co.uk
LockBit lied: Stolen data is from a bank, not US Federal Reserve - Recently-disrupted LockBit ransomware group, in what appears to be a desperate attempt to make a comeback, claimed this week that it had hit US Federal Reserve, the central bank of the United States. The tall claim was followed up with LockBit ...
4 months ago Bleepingcomputer.com
Law enforcement trolls LockBit, reveals massive takedown - In an act of exquisite trolling, the UK's National Crime Agency has announced further details about its disruption of the LockBit ransomware group by using the group's own dark web website. Since the demise of Conti in 2022, LockBit has been ...
8 months ago Malwarebytes.com
Copycat Criminals mimicking Lockbit gang in northern Europe - Recent reports of Lockbit locker-based attacks against North European SMBs indicate that local crooks started using Lockbit locker variants. During the past months, the Lockbit gang reached very high popularity in the underground ecosystem. The ...
1 year ago Securityaffairs.com
The Impact of LockBits New ContiBased Encryptor on Ransomware - The LockBit ransomware gang has recently started using a new encryptor, called LockBit Green, which is based on the source code of the now-defunct Conti ransomware gang. This follows the gang's previous iterations of their encryptor, which began with ...
1 year ago Heimdalsecurity.com
Citrix warns admins to kill NetScaler user sessions to block hackers - Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. Besides applying the necessary ...
11 months ago Bleepingcomputer.com
LockBit Remains Top Global Ransomware Threat - The LockBit ransomware strain continues to be the primary digital extortion threat to all regions, and almost all industries globally, according to a report by ZeroFox. Researchers found that LockBit was leveraged in more than a quarter of global ...
11 months ago Infosecurity-magazine.com
Police unmask Aleksandr Ryzhenkov as Evil Corp member and LockBit affiliate - Western authorities on Tuesday named Russian national Aleksandr Ryzhenkov as one of the main members of the Evil Corp cybercrime group, as well as identifying him as an affiliate of the LockBit group. At the same time as identifying Ryzhenkov as one ...
1 month ago Therecord.media
Police arrested four new individuals linked to the LockBit ransomware operation - “Europol supported a new series of actions against LockBit actors, which involved 12 countries and Eurojust and led to four arrests and seizures of servers critical for LockBit’s infrastructure.” reads the press release published by ...
1 month ago Securityaffairs.com
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
11 months ago Bleepingcomputer.com
LockBit Ransomware Affiliate Sentenced to Prison in Canada - A Russian-Canadian national was sentenced to nearly four years in prison in Canada for his role in the LockBit ransomware operation. The man, Mikhail Vasiliev, 34, was arrested in October 2022 in his home in Bradford, Ontario. In February 2024, he ...
7 months ago Securityweek.com
EquiLend back in action as ransom payment rumors swirl The Register - Global securities finance tech company EquiLend's systems are now back online after announcing a disruptive ransomware attack nearly two weeks ago. EquiLend was founded in 2001 by some of Wall Street's biggest players - its board of directors ...
9 months ago Go.theregister.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)