“Small number of systems” suffer “limited malware intrusion” Boeing appears to be the most recent target of the WannaCry ransomware, but the company says that it detected only what it calls “limited malware intrusion” impacting a “small number of systems.”
The ransomware first hit Boeing on Wednesday evening, and Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out a memo to warn that the infection could even affect airplane software.
“It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,” VanderWel was quoted as saying by The Seattle Times.
WannaCry was first detected in 2017 and the ransomware triggered a prompt response from Microsoft, who issued emergency security patches even for the unsupported Windows XP. While Windows 10 was protected against WannaCry, statistics showed that Windows 7 was the most affected by the outbreak, despite the said patches.
WannaCry encrypted the data on affected systems and asked for a ransom in exchange for the decryption key. If Boeing was indeed hit by WannaCry, the company was most likely operating older versions of Windows without the 2017 patches installed. This is more worrying given that Microsoft has also patched several major vulnerabilities in the meantime as well, so Boeing’s systems could be open to more exploits if this is indeed the case.
Systems running normally now, Boeing says
In a statement released a few hours ago, Linda Mills, the head of communications for Boeing Commercial Airplanes played down the attack and suggested that planes are secure.
“We’ve done a final assessment. The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs,” she said.
Nothing has been said about the malware involved in the attack, so it’s yet to be confirmed if WannaCry has indeed been used to encrypt the systems.
In a tweet on March 29, Boeing reiterates that only a small number of devices was affected by the attack, and operations have returned to normal shortly after the intrusion was detected.
“A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue,” it said.