A South Carolina facility owned by aerospace and defence contracting giant Boeing was hit by a WannaCry attack this morning, the Seattle Times reported, but the company is now trying to tamp down fears that the dreaded ransomware is back on the rise after it was only barely snuffed out last year.
Boeing 737 engines at an assembly plant in Renton, Washington. Photo: AP
Per the Times, Boeing Commercial Aeroplane production engineering chief Mike VanderWel sent out a memo earlier in the day calling for “all hands on deck”, adding, “It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down.” VanderWel added that the WannaCry infection could have “spread to aeroplane software” after spreading to equipment used in the testing of newly produced aircraft.
But now Boeing is trying to reassure everyone that they don’t believe this is a worst-case scenario, the Times wrote:
Late Wednesday afternoon however, Boeing issued a statement dialling back those fears.
“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems,” Boeing said. “Remediations were applied and this is not a production and delivery issue.”
Nevertheless, the attack triggered widespread alarm within the company.
VanderWel’s message said the attack required “a battery-like response,” a reference to the 787 in-flight battery fires in 2013 that grounded the world’s fleet of Dreamliners and led to an extraordinary three-month-long engineering effort to find a fix.
The statement did not clarify whether the “limited intrusion” was indeed WannaCry, which uses an exploit named EternalBlue allegedly developed by the National Security Agency to encrypt file systems and demand ransom payments to unlock them in the form of cryptocurrency. WannaCry spread across much of Europe and Asia in May 2017 until British security researcher Marcus Hutchins, who goes by the pseudonym MalwareTech, accidentally deactivated it by registering a web domain that served as a kill switch.
Multiple variants of WannaCry are now in the wild, though there’s no evidence any of them have spread to planes.
Statement: A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.
— Boeing Airplanes (@BoeingAirplanes) March 28, 2018
Dallas, Texas-based cybersecurity researcher Mitchell Edwards told the Times that the version of WannaCry that allegedly hit Boeing was probably updated to remove the kill switch. But he also clarified that it is unlikely to have been modified to affect systems not running Windows, such as planes or production equipment. While Microsoft has released patches intended to protect against WannaCry, either they have been ineffective at completely stopping revised versions of the software or Boeing did not install them.
Though the US has publicly asserted that the creators of the ransomware were hackers employed by North Korea’s infamous government, hard evidence on the matter has been elusive and it’s possible that someone went to great lengths to frame them. In any case, with new variants of the software emerging and the proliferation of similar malware based on leaked NSA techology, any finger-pointing at suspected culprits in this attack is premature.