Reuters reports that Boeing disclosed that its parts and distribution business has been impacted by a cyberattack nearly a week after the LockBit ransomware operation claimed to have exfiltrated a significant amount of data from its systems, which it threatened to leak by Nov. 2.
Such an alleged ransomware attack was not confirmed by Boeing but the major U.S. multinational aircraft manufacturer was no longer listed on the website of LockBit, which was noted by the Cybersecurity and Infrastructure Security Agency to be the most prolific ransomware group last year.
"This issue does not affect flight safety. We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers," said a Boeing spokesperson.
Emsisoft threat analyst Brett Callow noted that uncertainties regarding the kind of data stolen from Boeing remain and that providing ransom payment does not assure that it would not be leaked.
"Paying the ransom would simply elicit a pinky promise from LockBit that they will destroy whatever data they obtained. There would, however, be no way of knowing for sure that they actually had," Callow added.
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.