Small number of Boeing computers affected by WannaCry malware
Aircraft manufacturer Boeing was hit on Wednesday by the WannaCry ransomware, which mainly struck halfway through last year. According to the company, the damage was limited, although an internal memo initially suggested otherwise.
A company spokesman told The Seattle Times that a definitive investigation would have shown that the infection had been limited “to a few computers”. “We have applied patches. There was no disruption to our 777 aircraft program or other programs,” the spokesperson said. She does not contradict the reports that it was the WannaCry malware. The company does not disclose how the infection could have occurred in the first place. Mounir Hahad of Juniper Networks tells the paper that it is possible that the original WannaCry malware was present on a computer without an Internet connection. As a result, the ‘kill switch’ found does not work. If the computer is restarted, the infection process continues, Hahad said.
An internal Boeing memo, sent out shortly after the initial infection and seen by the newspaper, painted a different picture of the malware’s spread. For example, Mike VanderWel, chief engineer, wrote in the document that it was a situation for ‘all hands on deck’. The infection would quickly spread and he would have heard that the assembly tools for the 777 aircraft had gone offline. In addition, he expressed fears that the malware could spread to aircraft software, which the security experts the paper spoke to as highly unlikely. The incident would require a response like ‘at the batteries’, referring to the 2013 problem in which batteries of 787 devices caught fire.
Jake Williams of security firm Rendition Infosec, aka MalwareJake, told the newspaper that the incident at Boeing is not an isolated one and that he is aware of three other cases involving manufacturing companies, two of which are in the US. In one case the outage lasted 24 hours, in another case 96 hours. In either case, configuration files would have been lost and systems had to be reinstalled so production could resume. Williams expects the Boeing incident will not be the last.
The WannaCry ransomware spread rapidly in May 2017, affecting several international organizations. According to the US, North Korea is responsible for the distribution of the malware. Microsoft released patches in March of last year for the vulnerability that WannaCry uses.
WannaCry screen after infection