


Ransomware attack confirmed by Boeing, as hackers remove ransom post

Aerospace giant Boeing has said it is “actively investigating” ransomware claims by the LockBit gang.


Ransomware operator LockBit 3.0 made a big announcement on its darknet leak site over the weekend, claiming the ransomware scalp of American aerospace multinational Boeing.

At the time, Boeing was circumspect in its response to the hack, at least to the media.


“We are assessing this claim,” a spokesperson told Defence Connect sister brand Cyber Daily – the same statement shared with all media.

Now, Boeing has confirmed that an incident did take place.

“We are aware of a cyber incident impacting elements of our parts and distribution business,” a Boeing spokesperson told Cyber Daily via email.

“This issue does not affect flight safety. We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”

Boeing’s “parts and distribution business” operates under the name Boeing Distribution Services. According to its website, Boeing Distribution Services “stocks over 1 million part numbers for OEMs, MROs and airlines, and offers end-to-end services that reduce cost, risk and complexity”.

It employs more than 2,300 people in 65 locations worldwide. The company works in both the civilian and military sectors and provides parts and materials made by nearly 150 partners, including 3M, ExxonMobil, and Shell Aviation.

Curiously, LockBit has since deleted the ransom post from its leak site. At the time of the hack, LockBit boasted about the data they had exfiltrated.

“A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!” LockBit said.

“For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”

LockBit has given no reason for the takedown. It could be that Boeing is actively negotiating with the gang, though Boeing has made no mention of any communication with the ransomware operator or of any intention to pay the ransom.

It’s also possible that the gang was sitting on data that was too sensitive even for them. With Boeing’s defence industrial operations and links, it’s entirely possible that LockBit bit off more than it could chew and has simply backed out of demanding a ransom entirely.
