A facility in the US state of South Carolina owned by aerospace and defence contracting giant Boeing was hit by a WannaCry attack on Wednesday, the Seattle Times reported, but the company is now trying to tamp down fears that the dreaded ransomware is back on the rise after it was only barely snuffed out last year.
Per the Times, Boeing Commercial Airplane production engineering chief Mike VanderWel sent out a memo earlier in the day calling for “all hands on deck,” adding “It is metastasising rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down.” VanderWel added that the WannaCry infection could have “spread to airplane software” after spreading to equipment used in the testing of newly produced aircraft.
But now Boeing is trying to reassure everyone that they don’t believe this is a worst-case scenario, the Times wrote:
Late Wednesday afternoon however, Boeing issued a statement dialing back those fears.
“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems,” Boeing said. “Remediations were applied and this is not a production and delivery issue.”
Nevertheless, the attack triggered widespread alarm within the company.
VanderWel’s message said the attack required “a battery-like response,” a reference to the 787 in-flight battery fires in 2013 that grounded the world’s fleet of Dreamliners and led to an extraordinary three-month-long engineering effort to find a fix.
The statement did not clarify whether the “limited intrusion” was indeed WannaCry, which uses an exploit named EternalBlue allegedly developed by the US National Security Agency to encrypt file systems and demand ransom payments to unlock them in the form of cryptocurrency. WannaCry spread across much of Europe and Asia in May 2017 until British security researcher Marcus Hutchins, who goes by the pseudonym MalwareTech, accidentally deactivated it by registering a web domain that served as a kill switch.
Multiple variants of WannaCry are now in the wild, though there’s no evidence any of them have spread to planes.
Statement: A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.
— Boeing Airplanes (@BoeingAirplanes) March 28, 2018
Texas-based cybersecurity researcher Mitchell Edwards told the Times that the version of WannaCry that allegedly hit Boeing was probably updated to remove the kill switch. But he also clarified that it is unlikely to have been modified to affect systems not running Windows, like planes or production equipment. While Microsoft has released patches intended to protect against WannaCry, either they have been ineffective at completely stopping revised versions of the software or Boeing did not install them.
Though the US has publicly asserted that the creators of the ransomware were hackers employed by North Korea’s infamous government, hard evidence on the matter has been elusive and it’s possible that someone went to great lengths to frame them. In any case, with new variants of the software emerging and the proliferation of similar malware based on leaked NSA technology, any finger-pointing at suspected culprits in this attack is premature.[Seattle Times]