Boeing confirms attempted $200 million ransomware extortion attempt

That attempt was one of multiple “extremely large” ransom demands made by LockBit over the years, authorities said.
The Boeing Company headquarters are shown January 25, 2023 in Arlington, Virginia. (Photo by Win McNamee/Getty Images)

The cybercriminals who targeted Boeing using the LockBit ransomware platform in October 2023 demanded a $200 million extortion payment, the company said Wednesday.

Boeing confirmed to CyberScoop that it is the unnamed multinational aeronautical and defense corporation referenced in an indictment unsealed Tuesday by the U.S. Department of Justice. The indictment, which identified Dmitry Yuryevich Khoroshev as the main administrator and developer behind the LockBit ransomware operation, was part of a sweeping international array of actions against the Russian national that included sanctions in the U.S., the U.K. and Australia.

Boeing declined further comment and referred questions to the FBI. The FBI did not immediately respond to a request for comment late Wednesday.

Boeing reportedly did not pay any ransom to LockBit after roughly 43 gigabytes of company data was posted to LockBit’s website in early November, according to BleepingComputer. Boeing confirmed a “cyber incident” to CyberScoop at the time that the company said was “impacting elements of our parts and distribution business,” adding that it did not affect flight safety. The company has never commented on the stolen data posted by LockBit.


The reference in the indictment to the unnamed company was an example of the “extremely large” ransom demands made by Khoroshev and his co-conspirators, as they racked up more than $500 million in ransoms paid by victims since late 2019 or early 2020. 

“I believe this may be the second biggest ransom demand to date — or, perhaps more accurately, to have become public knowledge,” said Brett Callow, a ransomware analyst with the cybersecurity firm Emsisoft.

Callow said that it was “unlikely” that LockBit “had the ability to accurately determine just how sensitive that data was — or how much Boeing may be willing to pay to prevent it being published — and so made a ridiculously high demand simply to see what would happen. They probably had no realistic expectation of actually being paid that amount.” 

LockBitSupp, the online persona that communicates with journalists and others online on behalf of LockBit, also confirmed to CyberScoop on Wednesday that Boeing was the unnamed company. 

U.S. and British law enforcement authorities said Tuesday that Khoroshev is LockBitSupp. A message posted to LockBitSupp’s account on the messaging platform said the authorities identified the wrong person. 

AJ Vicens

Written by AJ Vicens

AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal/WhatsApp: (810-206-9411).

Latest Podcasts