Boeing reportedly hit by Wannacry ransomware


Boeing has reportedly been struck in a major way by Wannacry, the ransomware that spread like wildfire last year. The Seattle Times obtained a memo from Mike VanderWel, of the company’s commercial airliner division, describing the malware as “metastasizing rapidly.”

Wannacry, you may remember, spread using a Windows exploit leaked from NSA files, demanded a modest sum in bitcoin to decrypt the victim’s files, and was stopped in dramatic fashion by a single person. Investigators confidently but, as with most attacks like this, circumstantially attributed the attacks to North Korea.

VanderWel’s memo says that the infection appears to have started in North Charleston, and for all we know is still spreading: “I just heard 777 (automated spar assembly tools) may have gone down,” he writes, and “airplane software,” whatever that term really means inside a company that makes airplanes, could be next.

Although the attacks may have originated in North Korea and Boeing is of course a major defense contractor, it would be premature to connect those dots at this moment. Wannacry was far from a targeted strike; it was “indiscriminately reckless,” as one U.S. official rather redundantly put it, spreading geometrically and affecting soft targets like hospitals as well as individuals.

Wannacry’s initial flare-up may have been tamped down with the “kill switch” and subsequent patches addressing the exploit, but clearly it was not eliminated altogether — though this may very well be a mutation or modified version of the original software.

This story is developing. We’ve contacted Boeing for more information and have been told to expect it momentarily, so check back soon.

Update: Boeing issued a statement on Twitter downplaying the situation:

A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.

I’ve asked for clarification on how to reconcile this with VanderWel’s description.
