Malware, Ransomware, Vulnerability Management

Boeing hit and recovering from possible WannaCry attack


Aerospace manufacturer Boeing is reporting that the company has mitigated what may have been a small outbreak of WannaCry ransomware that hit one of its manufacturing facilities on March 28.

The ransomware apparently struck several computers in the company's North Charleston, S.C. facility that are associated with the company's production of 777 airliners. A Boeing spokesperson said the company went into emergency response mode and has controlled the cyberattack.

“We've done a final assessment. The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs,” said Linda Mills, the head of communications for Boeing Commercial Airplanes, according to The Seattle Times.

The attack was limited to computers in the Commercial Airlines division. Boeing is a major defense contractor manufacturing a wide range of air and spacecraft from F-15 and F/A-18 fighters to 747s.

The fact that a company on the leading edge of technology may have been struck by such a well-known vulnerability like WannaCry, which was patched by Microsoft in March 2017, is somewhat shocking.

"We don't know a lot as of yet, and maybe it's not even Wannacry that hit Boeing - it could be a ‘wannacry-style' piece of ransomware that is taking advantage of the EternalBlue vulnerability to spread throughout the factory floors,” said Richard Henderson, global security strategist for Absolute.

However, if this is WannaCry and is leveraging the EtnernalBlue NSA exploit this attack had the potential to be devastating he said.

WannaCry ransomware is spread using the known, and patched, vulnerability (MS17-010) that came from a leaked NSA set of exploits. EternalBlue is used to inject the backdoor malware DoublePulsar which is then used to infect a computer with ransomware. This malware also has the ability to move laterally throughout a computer network enabling it to bring down entire computer systems.

This is what happened last May when WannaCry first struck hitting the UK National Health System, Maersk and FedEx knocking systems offline for weeks and causing millions of dollars in damage.

Despite WannaCry being very well known in cybersecurity circles and a patch being available, it has continued to cause problems since its initial public splash. Last month a dozen Connecticut state agencies were hit with the ransomware.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.