Ransomware group LockBit threatens to leak thousands of blueprints it stole after it hacked a SpaceX contractor. Although it's unclear how sensitive the stolen materials are, the breach could prove damaging to SpaceX and U.S. since Musk's company works closely with NASA and has launched several secret payloads for the U.S. government.
Ransomware attacks have become widespread recently, with some high-profile targets being breached. SpaceX joined the club on Monday after ransomware group LockBit bragged about stealing thousands of blueprints from Maximum Industries, one of SpaceX's suppliers. The group demands an unspecified payment to prevent the sale of 3,000 SpaceX blueprints to the highest bidder.
The threat was posted to the LockBit's webpage on the dark web, and a screenshot was shared on Twitter by cybersecurity analyst and security researcher Dominic Alvieri. LockBit is not concerned about SpaceX or its contractor not paying the ransomware group. According to the message shared by LockBit, the deadline expires on March 20, at 11:26:23 UTC, after which all stolen data would be sold to the highest bidder. Either way, the group gets its money.
Right now, it doesn't look like SpaceX or Maximum Industries are interested in a negotiation. The hackers complain about them not being "talkative." They also mock Elon Musk, telling him they would sell the drawings to other manufacturers "to build the ship faster and fly away." The schematics may not be useful in themselves, considering that the parts still need to be manufactured, which might not prove trivial. However, they could be interesting for other states' space programs.
There's another interesting connection between the LockBit group and Elon Musk. According to a Cybernews report, the LockBit ransomware syndicate uses Starlink internet to avoid detection. Because the Starlink satellite network is much broader than other internet networks, it's a lot more difficult to track users down when the authorities identify network access.
According to its website, Maximum Industries is a parts manufacturer specializing in waterjet cutting, laser cutting, and CNC machine services. Based on this, the Irving, Texas, company might supply SpaceX with custom rocket and satellite parts, which explains why it had the blueprints. BitLock's message claims that SpaceX engineers have "certified" the stolen documents, although this might not mean much.
Not always, ransomware attacks result in the ransom being paid, although it's difficult to know for sure. According to The Register, there are many other attacks by the same group where the victims refused to pay, or so they say. LockBit always claimed otherwise, at least to save face and make other victims comply with their requests.
On the other hand, companies don't want others to know that their IT systems were compromised, so they'll deny anything happened. As you expect, neither SpaceX nor Maximum Industries commented on the alleged security breach when contacted by The Register.
The threat was posted to the LockBit's webpage on the dark web, and a screenshot was shared on Twitter by cybersecurity analyst and security researcher Dominic Alvieri. LockBit is not concerned about SpaceX or its contractor not paying the ransomware group. According to the message shared by LockBit, the deadline expires on March 20, at 11:26:23 UTC, after which all stolen data would be sold to the highest bidder. Either way, the group gets its money.
Right now, it doesn't look like SpaceX or Maximum Industries are interested in a negotiation. The hackers complain about them not being "talkative." They also mock Elon Musk, telling him they would sell the drawings to other manufacturers "to build the ship faster and fly away." The schematics may not be useful in themselves, considering that the parts still need to be manufactured, which might not prove trivial. However, they could be interesting for other states' space programs.
There's another interesting connection between the LockBit group and Elon Musk. According to a Cybernews report, the LockBit ransomware syndicate uses Starlink internet to avoid detection. Because the Starlink satellite network is much broader than other internet networks, it's a lot more difficult to track users down when the authorities identify network access.
According to its website, Maximum Industries is a parts manufacturer specializing in waterjet cutting, laser cutting, and CNC machine services. Based on this, the Irving, Texas, company might supply SpaceX with custom rocket and satellite parts, which explains why it had the blueprints. BitLock's message claims that SpaceX engineers have "certified" the stolen documents, although this might not mean much.
Not always, ransomware attacks result in the ransom being paid, although it's difficult to know for sure. According to The Register, there are many other attacks by the same group where the victims refused to pay, or so they say. LockBit always claimed otherwise, at least to save face and make other victims comply with their requests.
On the other hand, companies don't want others to know that their IT systems were compromised, so they'll deny anything happened. As you expect, neither SpaceX nor Maximum Industries commented on the alleged security breach when contacted by The Register.
LockBit breaches Maximum Industries with a message to Elon Musk and SpaceX contractors.
— Dominic Alvieri (@AlvieriD) March 13, 2023
/maximumind.com@elonmusk @SpaceX #cybersecurity #infosec #lockbit pic.twitter.com/voroB6hJET