Boeing Possibly Hit by ‘WannaCry’ Malware Attack

Boeing Possibly Hit by ‘WannaCry’ Malware Attack

Boeing said on Wednesday that it was hit by a cyberattack that some Boeing executives identified as the same WannaCry computer virus that struck thousands of computer systems in more than 70 countries around the world last year.

In an internal memo, Mike VanderWel, chief engineer of Boeing Commercial Airplane production engineering, said the attack was “metastasizing” and he worried it could spread to Boeing’s production systems and airline software.

“We are on a call with just about every VP in Boeing,” Mr. VanderWel wrote. The memo called for “All hands on deck.”

WannaCry is a particularly vicious form of what is known as ransomware — malware that locks up victims’ computers and data with encryption, until attackers’ extortion demands are met, often in the form of the virtual currency Bitcoin. Even for victims who agree to pay, decryption is not always guaranteed. The City of Atlanta was hit with a different form of ransomware last week and was still reeling from the fallout on Wednesday.

In a statement Wednesday evening, Boeing played down the attack and said it was limited in scope and that it had not affected the company’s production lines.

“A number of articles on a malware disruption are overstated and inaccurate,” Boeing’s statement said. “Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.”

Continue reading the main story

Charles Bickers, a Boeing spokesman, declined to elaborate or confirm whether the attack was indeed WannaCry, the computer virus United States officials officially blamed on North Korea last December.

What made WannaCry so much more destructive, security experts discovered during last year’s outbreak, was that it employed an automated tool that was first developed at the National Security Agency and later dumped online in 2016 by mysterious hackers called the “Shadow Brokers.”

That tool, which the N.S.A. code-named Eternal Blue, exploited a vulnerability in Microsoft Windows software that allowed attackers to spread their malware automatically through vulnerable machines. In other cases, ransomware attackers had to manually encrypt victim’s systems.

By incorporating the N.S.A.’s tool into their ransomware last May, hackers ensured their attack would encrypt as many vulnerable machines as possible, causing maximum disruption. White House officials said North Korea was “directly responsible” for the attack.

The WannaCry attacks paralyzed computers and business operations in more than 74 countries, forcing Britain’s public health system to turn patients away and freezing computers at government agencies in Russia and FedEx in the United States, in what was the largest known ransomware assault.

Microsoft offered an emergency “patch” that effectively neutralized the vulnerability WannaCry’s attackers used to spread, but unpatched systems remain vulnerable.