Boeing, the world’s leading airplane manufacturer, found itself on the receiving end of a WannaCry ransomware attack on Wednesday but managed to quell it after applying timely remediation measures.
In a statement on Twitter, Boeing said that the cyber attack affected only a “small number of systems” and that its production and delivery departments were not hit. The company also described recent media reports on the cyber attack as “overstated and inaccurate”.
Initial reports of a WannaCry ransomware attack on Boeing’s systems emerged after Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out letters to employees across the company’s various locations and called for “All hands on deck”.
“It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,” he warned, adding that the infection may have spread to airplane software and could also affect equipment used in functional tests of airplanes.
“We are on a call with just about every VP in Boeing,” he added.
Later on, Linda Mills, the head of communications for Boeing Commercial Airplanes, said that the company had completed its final assessment and had deployed a software patch to kill the ransomware attack.
“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. It took some time for us to go to our South Carolina operations, bring in our entire IT team and make sure we had the facts.
“The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs,” she said.
Commenting on the ransomware attack, Dan Matthews, Director of Engineering at Lastline, said that he is not surprised that WannaCry ransomware is still on the prowl and that he is confident it will continue to affect organisations in the future “because of its in-built worm spreading functions and a lack of consistent patching.”
“The WannaCry core codebase has not changed, to the best of our knowledge. We continue to see outbreaks because of the built-in worm (self-propagation) behavior which the EternalBlue exploit allowed the malware creators to include.
“For comparison, Lastline continues to see a small number of variants of the Conficker worm from 2008-2009 across our customer base each month. This worm exploited the MS08-067 vulnerability, which also attacked the Microsoft SMB protocol.
“Many vendors and security professionals published WannaCry prevention and remediation suggestions when the outbreak first appeared; these strategies are still valid, but can be difficult and risky to deploy in complex manufacturing environments such as Boeing’s. Healthcare environments are also particularly susceptible to malware worm infestations for similar reasons,” he added.