LockBit, a notorious ransomware group, claims to have stolen data from a supplier of SpaceX, the company that designs, manufactures, and launches rockets and spacecraft.
The group has a history of publicizing any breach that offers even a modicum of public relations potential. Maximum Industries, a woman-owned small business that offers traditional and nontraditional machining processes, is the supplier in question. LockBit posted the company to its data leak site and claimed that Maximum Industries is a contractor for SpaceX.
The group says it has around 3,000 drawings certified by SpaceX engineers and will auction off the information unless it receives a ransom payment.
None of these claims could be verified, and Maximum Industries could not be reached for comment.
LockBit uses its data leak site to attempt to name and shame victims who do not pay their ransom demands. By listing a victim, the group hopes to increase the pressure to pay.
Furthermore, if a victim does not pay, groups like LockBit hope that the public exposure will push future victims to pay so they do not face the same outcome.
LockBit likely did not go looking for a SpaceX contractor but rather managed to buy access to the business via an initial access broker or snared remote login credentials via a botnet.
LockBit views every fresh “data security event” as a shakedown opportunity.
Not all ransomware groups run data leak sites, and it is not clear what percentage of non-paying victims get added to any given site. The shutdown of the Avaddon group and the recent law enforcement takedown of Hive revealed both operations had amassed many more victims than experts suspected.
LockBit has been in the headlines recently for crypto-locking the export division of the Royal Mail, Britain’s privatized national postal service. The organization declined to pay what it characterized as an “absurd” ransom demand and instead restored from backups or put workarounds in place.