Boeing confirms $200 million cyber extortion attempt in 2023
What's the story
Boeing, the multinational aerospace and defense corporation, has confirmed being targeted in a $200 million cyber extortion attempt in October 2023. The cybercriminals used the LockBit ransomware platform to carry out the attack. This information came to light after an indictment was unsealed by the US Department of Justice on Tuesday, identifying Boeing as the victimized company. Boeing has declined to comment further on this matter, directing all inquiries to the Federal Bureau of Investigation (FBI).
Information
Russian national identified as primary orchestrator of the ransomware attack
The indictment named Dmitry Yuryevich Khoroshev as the main orchestrator and developer of the LockBit ransomware operation. Khoroshev, a Russian national, is currently facing international action involving sanctions from the US, the UK, and Australia.
No ransom paid
Boeing's stance on the cyber extortion attempt
Despite nearly 43GB of Boeing's data being displayed on LockBit's website in early November, no ransom was reportedly paid by the company. Boeing acknowledged a "cyber incident" at that time which affected parts of their distribution business but assured that flight safety was not compromised. The company never commented on the stolen data published by LockBit.
Large ransom demands
Extortion attempt highlighted in indictment
The indictment underscored this extortion attempt as an instance of "extremely large" ransom demands made by Khoroshev and his associates. Since late 2019 or early 2020, they have reportedly amassed over $500 million in ransoms from their victims. Brett Callow, a ransomware analyst with cybersecurity firm Emsisoft, suggested that this could be "the second biggest ransom demand to date — or, perhaps more accurately, to have become public knowledge."
Confirmation received
LockBitSupp confirms Boeing as targeted company
LockBitSupp, the online alias representing LockBit, confirmed to CyberScoop on Wednesday that Boeing was indeed the company referred to in the indictment. US and British law enforcement authorities have identified Khoroshev as LockBitSupp, a claim which was disputed in a message posted to LockBitSupp's account on a messaging platform. This confirmation further solidifies Boeing's position as the victim of this cyber extortion attempt.