LockBit is at it again. The “Russian affiliated” ransomware gang has followed through on its threat to leak 50 GB of Boeing’s confidential data. The scrotes stole the data last month and held it hostage, pending payment of an undisclosed ransom.
But now it seems negotiations have broken down. In today’s SB Blogwatch, we get permission for takeoff.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Helter Misirlou.
What’s the craic? James Pearson reports—“Boeing data published by Lockbit”:
“Russian”
The hackers in October said they … would dump it online if Boeing didn’t pay a ransom by Nov. 2. … Boeing confirmed that “elements” of the company’s parts and distribution business had experienced a cybersecurity incident [and] said it “remains confident” the event does not pose a threat to aircraft or flight safety.
…
Lockbit ransomware, first seen on Russian-language-based cybercrime forums in January 2020, has been detected all over the world. … The group has hit 1,700 U.S. organisations, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
So Boeing didn’t pay? Ionut Ilascu adds—“LockBit ransomware leaks gigabytes of Boeing data”:
“Warnings had been ignored”
LockBit ransomware has leaked … files from Boeing after the company refused to pay a ransom. Most of the data listed on the hacker group’s leak site are backups for various systems, the most recent of them with an October 22 timestamp.
…
The ransomware actor posted Boeing on their site on October 27. … The hackers said at the time they had stolen “a tremendous amount of sensitive data” and were ready to publish it. Boeing disappeared from LockBit’s list of victims for a period but was listed again on November 7, when the hackers announced that their warnings had been ignored. The hackers also threatened that they would publish the databases “if we do not see a positive cooperation from Boeing.”
Was that the right idea? Tom Allen thinks so—“LockBit releases Boeing’s stolen files”:
Boeing took the right stance here in refusing to pay the ransom. Doing so simply funds future criminal activity. … That said, evidence does point to Boeing at least talking to LockBit. Whether negotiations failed, or Boeing decided the data wasn’t worth what was being demanded, we [will] never know.
…
And there is no guarantee that the … criminals won’t turn around and release the stolen data anyway. That happened to Dolly.com … just this weekend, proving that there’s no honour among thieves.
But that’s not true, says tracedddd:
I know that’s what one would expect, but it’s not true. Many large ransomware distributors have a solid record of keeping their word and established relationships with the negotiation firms. Trustworthiness and honesty lead to more payouts and they have no interest in your data or doing you harm, just getting paid.
Still, gotta be some juicy nuggets in there. martinusher thinks it doesn’t matter:
There is such a thing as too much data. I’m sure there must be some vitally important data in that trove, but LockBit’s about to discover that the best place to hide a tree is in a forest.
Based on my own experience with corporate data most of it is pretty useless — there’s the stuff you have to archive for legal reasons … but beyond that there’s endless copies of meaningless emails, out of date or erroneous plans and endless, meaningless, software backups. … This firehose is going to take a lot of time to sort through.
Is that fair? It depends, says u/qoning:
Yeah it really depends. 50GB of [CxO] email data? That’s valuable. 50GB of random company storage? Probably completely worthless.
When will it end? When we get serious about funding ethical hackers, thinks yieldcrv:
Until companies accurately value their distributed bug bounties and have a better track record of paying, then the parallel market of the true market price of security will flourish. … For now, the flogging continues until morale improves.
Meanwhile, there’s no chance of bringing these Russian scrotes to justice, right? Not so fast: Here’s U/Ludwigofthepotatoppl’s analysis:
There’s going to be a Russia after Putin, and hopefully they try to rejoin the rest of the world. Handing over a bunch of the guys in these state-supported cybercrime organizations will probably be a useful chip at the table.
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi, @richij or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Image sauce: Jonathan E. Shaw (cc:by-nc; leveled and cropped)
Recent Articles By Author