Boeing possibly hit by WannaCry malware attack

Boeing played down the attack and said it was limited in scope. PHOTO: REUTERS

MONTREAL (NYTIMES) - Boeing said on Wednesday (March 28) that it had been hit by a cyber attack that some Boeing executives identified as the same WannaCry computer virus that struck thousands of computer systems in more than 70 countries around the world last year.

In an internal memo, Mike VanderWel, chief engineer of Boeing Commercial Airplane production engineering, said the attack was "metastasising" and he worried it could spread to Boeing's production systems and airline software.

"We are on a call with just about every V-P in Boeing," VanderWel wrote. The memo called for "All hands on deck".

WannaCry is a particularly vicious form of what is known as ransomware - malware that locks up victims' computers and data with encryption, until attackers' extortion demands are met, often in the form of the virtual currency bitcoin. Even for victims who agree to pay, decryption is not always guaranteed. The city of Atlanta was hit with a different form of ransomware last week and was still reeling from the fallout on Wednesday.

In a statement on Wednesday evening, Boeing played down the attack and said it was limited in scope and had not affected the company's production lines.

"A number of articles on a malware disruption are overstated and inaccurate," Boeing's statement said.

"Our cyber-security operations centre detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue."

Charles Bickers, a Boeing spokesman, declined to elaborate or confirm whether the attack was indeed WannaCry, the computer virus US officials officially blamed on North Korea last December.

What made WannaCry so much more destructive, security experts discovered during last year's outbreak, was that it employed an automated tool that was first developed at the National Security Agency (NSA) and later dumped online in 2016 by mysterious hackers called Shadow Brokers.

That tool, which the NSA code-named Eternal Blue, exploited a vulnerability in Microsoft Windows software that allowed attackers to spread their malware automatically through vulnerable machines. In other cases, ransomware attackers had to manually encrypt victims' systems.

By incorporating the NSA's tool into their ransomware last May, hackers ensured their attack would encrypt as many vulnerable machines as possible, causing maximum disruption. White House officials said North Korea was "directly responsible" for the attack.

The WannaCry attacks paralysed computers and business operations in more than 74 countries, forcing Britain's public health system to turn patients away and freezing computers at government agencies in Russia and FedEx in the United States, in what was the largest known ransomware assault.

Microsoft offered an emergency "patch" that effectively neutralised the vulnerability WannaCry's attackers used to spread, but unpatched systems remain vulnerable.