LockBit Threatens to Leak Stolen SpaceX Schematics

November 22, 2023

The notorious ransomware gang LockBit is at it again, targeting SpaceX with a threat to sell thousands of rocket blueprints. This time, the gang claims to have breached Maximum Industries, a third-party vendor in Texas that supplies parts for Elon Musk’s rockets and satellites.

The gang posted a few sample documents on their website, including a Raptor V2 engine design and non-disclosure agreement between SpaceX and Maximum Industries.

What are the schematics?

The hacker gang behind the LockBit ransomware claims to have stolen proprietary schematics from SpaceX and is now threatening to auction them off. The cybercriminals broke into a third-party vendor in the SpaceX supply chain to gain access to the sensitive data, according to reports. The gang has already publicly posted samples of engineering drawings from Maximum Industries, a Texas-based supplier to SpaceX. The company specializes in laser cutting services for manufacturing companies and is located near SpaceX’s rocket production facilities.

The hackers claim that they stole 3,000 schematics, including some certified by SpaceX engineers. They also posted a non-disclosure agreement between Maximum Industries and SpaceX. They want the company to pay a ransom, and say they will publish the stolen information if they don’t receive it within a week. It is typically recommended that victims refuse to pay such ransoms, as the criminals might simply publish the stolen files anyway.

Specifically, the gang’s leaked data appears to include a Raptor V2 engine schematic. This is the kind of engine that is used to power rockets and satellites from SpaceX, as well as several other companies. One of the leaked documents includes a diagram of what looks like a nozzle from a Raptor V2. The gang says that they will also be releasing the designs for SpaceX’s Dragon cargo spacecraft and the Starship prototype.

As The Register notes, while it is not clear whether these are accurate, the schematics do appear to be genuine. It is also not clear why the gang would target a third-party vendor rather than SpaceX itself.

Elon Musk’s SpaceX is involved in many government contracts, including national defense projects. The company has had over $2 billion in federal government contracts in recent years. It is not clear whether any of the stolen data relates to these sensitive government projects, although the gang’s previous attacks on cheese producer Bonta Viva and real estate firm Radium Life Technology suggest that it is interested in attacking small businesses.

Ultimately, it does not seem as though the gang will be successful in blackmailing SpaceX. The company has already said that it is not interested in negotiating, and the hackers may find that they have wasted their time.

What are they for?

A ransomware gang is threatening to make public Elon Musk’s prized business secret: the design of his rockets. The LockBit gang claims to have breached a third-party vendor, Maximum Industries, a fabricator of SpaceX parts in Irving, Texas, and stolen some 3,000 drawings that the gang says are certified by SpaceX engineers. They are attempting to blackmail SpaceX into paying them.

It’s not the first time that SpaceX has been targeted by criminal hackers, nor is it the first time that a third-party vendor has been the victim. Almost exactly three years ago the DoppelPaymer ransomware gang breached Visser Precision, which supplies parts for both SpaceX and Tesla, stole internal documents, and threatened to leak them if the company didn’t pay.

Unlike the telecommunications industry, manufacturers have little capacity to absorb the cost of downtime caused by a ransomware attack, and they are much more likely to pay up rather than risk losing customers or potential revenue. This makes them a prime target for threat actors, especially as many manufacturing systems are outdated and unpatched.

The LockBit gang isn’t the first to attempt to steal and extort money from manufacturers, but it may be the most prolific. It claims to have hacked the UK’s Royal Mail in early February, which ultimately paid a ransom to resume international shipments, and also breached financial technology firm ION the month before.

Both the Royal Mail and ION declined to comment on their dealings with the ransomware gang, so it isn’t clear whether either of them ended up paying the requested amount or not. But, if they did, it’s hard to imagine that the gang would have let their victims off the hook so easily, as they did with Royal Mail.

It’s not yet clear whether SpaceX or Maximum Industries will do the same. The deadline for a response passed yesterday, and no further news on the matter has emerged. The gang also said that it will begin selling the stolen files on the Dark Web in about five days, but it’s not clear whether they will actually follow through with this threat.

How valuable is this information?

Prolific ransomware gang LockBit has breached the systems of a supplier to Elon Musk’s SpaceX, posting a sample set of proprietary schematics on a dark web victim blog. The company allegedly has until March 20 to pay the ransom or have its diagrams auctioned online. The victim is Maximum Industries, a ‘piece-part production and contract manufacturing facility’ located in Texas that serves clients in the aerospace industry.

The leak of the documents by the gang could damage the reputation and bottom line of both SpaceX and Maximum Industries, as well as potentially expose sensitive information about national defense projects. This is particularly true for Maximum, which has received over $2 billion in federal contracts for its commercial rockets and the Starshield military satellite system that would be used by the Space Force if the Pentagon had a say in it.

Although the gang claims to have accessed over 3,000 schematics from the firm, only a few were posted online this week. The leaked document samples appear to show the blueprints for components of the Raptor V2 engine, which is reportedly a redesign of the original decade-old model. Located near Dallas, the firm is just over a two-hour drive from SpaceX’s facility, where it produces the engines for its launch vehicles.

While the documents are likely valuable to rival firms, it is not yet clear if the gang intends to sell them or simply post them on a public list. In the past, when it has posted data breaches on its website, LockBit has threatened to release more stolen information if victims did not comply with the ransom demands.

Often, the gang demands a large sum of money in cryptocurrency in exchange for restoring the files it encrypts on the victims’ computers. It gets in by leveraging vulnerabilities in outdated software. The gang has exploited these in the past to hit organisations including Foxconn, Accenture and the Royal Mail.

The gang, which is believed to be based in Russia, has claimed hundreds of thousands of victims across the world. Typically, it extorts between $100,000 and $200,000 per attack. Almost half of the affected organisations are based in North America, followed by Europe (France, Germany and Italy).

What is the ransom?

In what sounds like a scene from a Hollywood movie, a ransomware gang claims to have breached the company that makes Elon Musk’s rockets. The LockBit gang says it got hold of 3,000 SpaceX blueprints and is threatening to sell them to rivals if the entrepreneur doesn’t cough up a ransom.

The gang says it stole the engineering drawings from third-party vendor Maximum Industries, which provides laser cutting services for major manufacturers and is located in Texas. It says it will publish the drawings online or put them up for sale on the dark web if the aerospace company doesn’t pay up by March 20. The gang isn’t saying how much it wants for the schematics, but it suggests the amount could be in the millions of dollars.

SpaceX and Maximum Industries didn’t respond to requests for comment from The Register. If the gang publishes the blueprints, it would be the first time that they’ve been made public, which would be embarrassing for both companies. It’s also a risky proposition for the crooks because they could be hit with legal action from the US government, which largely relies on SpaceX to launch secret payloads for the country.

While it’s not clear who the hacker gang is, it does have plenty of experience with these types of breaches. It first emerged at the start of 2020 and has already earned more than $100 million from its extortion scheme, according to US authorities. It is believed to have targeted more than 1,000 organizations.

In February, LockBit hacked UK postal service Royal Mail, forcing it to halt international shipping while it demanded $80m in Bitcoin. It later broke into the systems of financial technology firm ION and Pierce Transit, a public transit operator in Washington state. Both of those companies paid the gang’s ransom but did not reveal how much they paid.

In a bid to avoid detection, the group uses the Starlink satellite network instead of traditional internet connections. This allows it to hide its identity by moving around the globe and switching internet services in real time. The gang also says it uses encrypted chat apps to communicate with victims, which could help protect their conversations from prying eyes.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real-world business and data problems by bringing in leading-edge solutions that are cost-effective and improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

