2 min read

Boeing refused to pay $200 million ransomware demand from LockBit gang


May 10, 2024

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Boeing refused to pay $200 million ransomware demand from LockBit gang

Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023.

The company confirmed its link to the indictment of Dmitry Yuryevich Khoroshev, who was identified this week by the US Department of Justice as the true identity of LockBitSupp, the kingpin of the LockBit gang.

The indictment details Khoroshev's alleged criminal activities and references "a multinational aeronautical and defense corporation headquartered in Virginia" that received a ransom demand equivalent to approximately $200 million.

Although unnamed in the indictment (the company is referred to as a "Victim-15") Boeing confirmed to Cyberscoop that it was the organisation which was being described.

If the $200 million figure is accurate, it would be one of the very highest ransom demands ever made by cyber-extortionists.

In late October 2023, LockBit's leak site announced that it had exfiltrated a "tremendous amount of sensitive data" from Boeing and threatened to publish it if payment was not made by 2 November 2023.

At the time, Boeing said that attackers had impacted its parts and distribution business, but that there had been no compromise to aircraft or flight safety.

Ultimately, LockBit did publish some 43GB of data they claimed had been stolen from Boeing, claiming that negotiations with Boeing for the ransom payment had broken down.

Boeing deserves credit for not caving to pressure from its LockBit attackers. It seems the extortionists bit off more than they could chew when asking for such an astronomical ransom payment.  The overly-optimistic demand likely fell flat because the hackers overestimated the stolen information's worth.

Earlier this week, international law enforcement agencies announced that sanctions had been placed on Khoroshev by the United States, UK, and Australian authorities.

LockBitSupp, meanwhile, has posted denials that their true identity is Dmitry Yuryevich Khoroshev and says that law enforcement agencies have got the wrong person in their sights.




Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like