Prolific ransomware gang LockBit has posted a supplier of Elon Musk’s SpaceX to its dark web victim blog, claiming to have accessed over 3,000 proprietary schematics designed by the company. Maximum Industries has until March 20 to pay the ransom before the diagrams are auctioned off online.
Maximum Industries is a ‘piece-part production and contract manufacturing facility’ based in Texas that serves companies in the aerospace industry.
SpaceX contractor may have been hit by ransomware attack
The manufacturing company was posted to the victim blog this week, although as of yet there is no evidence that the gang holds any data from its clients, which include SpaceX.
From the message posted on the dark web, it appears the company has decided not to engage in negotiations with the gang.
“I would say we were lucky if SpaceX contractors were more talkative,” the blog reads. “But I think this material will find its buyer as soon as possible.”
LockBit then refers directly to the SpaceX CEO: “Elon Musk, we will help you sell your drawings to other manufacturers, build the ship faster and fly away,” the blog says. “And now for the numbers, about 3,000 drawings certified by SpaceX engineers. We will launch the auction in a week.”
Neither company has responded to Tech Monitor’s request for comment at the time of writing.
But while LockBit’s claims have not been verified, this issue still stands as a warning to third-party suppliers, explains Trevor Dearing, director of critical infrastructure solutions at Illumio. “Manufacturers remain prime targets for ransomware attacks given the potential for disruption to production, and the valuable IP they hold,” he says. “The problem is exacerbated by the rapid growth of new endpoint technologies including IoT and remote-sensing devices which are expanding the attack surface.”
Companies could adopt a risk-based approach to mitigate against current online dangers, continues Dearing. “Fundamental to this are two key requirements, understanding the flow of data throughout the extended asset attack surface and separating key functions within the network to prevent breaches from spreading to reach critical assets,” he says.
LockBit continues its prolific crime spree
LockBit is one of the most prolific ransomware currently in operation, and posted 126 victims to its leak site in February alone, according to security company Malwarebytes.
Companies attacked by the gang in February include financial software firm ION Group and Pierce Transit, a public transit operator in Washington state. LockBit claimed that ION Group had paid an undisclosed ransom and demanded $2m from Pierce Transit.
So far this year the gang held the UK postal service Royal Mail to ransom, demanding $80m in Bitcoin. The company did not pay up, calling the demands “ridiculous,” and the gang responded by posting the data, alongside copies of the negotiations between LockBit and Royal Mail’s representatives.
Later, it stole customer data from UK highstreet retailer WH Smith. The attack hit personally identifiable information of current and former employees. There has been no indication since of whether or not the company paid the ransom.