May 18, 2024

Boeing has confirmed that it obtained a requirement for an enormous $200 million after a ransomware assault by the infamous LockBit hacking group in October 2023.

The corporate confirmed its hyperlink to the indictment of Dmitry Yuryevich Khoroshev, who was recognized this week by the US Division of Justice because the true id of LockBitSupp, the kingpin of the LockBit gang.

The indictment particulars Khoroshev’s alleged legal actions and references “a multinational aeronautical and protection company headquartered in Virginia” that obtained a ransom demand equal to roughly $200 million.

Though unnamed within the indictment (the corporate is known as a “Sufferer-15”) Boeing confirmed to Cyberscoop that it was the organisation which was being described.

If the $200 million determine is correct, it could be one of many very highest ransom calls for ever made by cyber-extortionists.

In late October 2023, LockBit’s leak web site introduced that it had exfiltrated a “large quantity of delicate information” from Boeing and threatened to publish it if cost was not made by 2 November 2023.

On the time, Boeing stated that attackers had impacted its components and distribution enterprise, however that there had been no compromise to plane or flight security.

Finally, LockBit did publish some 43GB of information they claimed had been stolen from Boeing, claiming that negotiations with Boeing for the ransom cost had damaged down.

Boeing deserves credit score for not caving to stress from its LockBit attackers. It appears the extortionists bit off greater than they may chew when asking for such an astronomical ransom cost.  The overly-optimistic demand seemingly fell flat as a result of the hackers overestimated the stolen data’s value.

Earlier this week, worldwide regulation enforcement companies introduced that sanctions had been positioned on Khoroshev by the USA, UK, and Australian authorities.

LockBitSupp, in the meantime, has posted denials that their true id is Dmitry Yuryevich Khoroshev and says that regulation enforcement companies have gotten the flawed particular person of their sights.