Malware

Boeing production plant infected with WannaCry ransomware

According to a report from the Seattle Times, the dreaded WannaCry ransomware hit a Boeing production plant in Charleston, South Carolina on Wednesday.

WannaCry is back, this time it infected some systems belonging to US aircraft manufacturer Boeing.

According to a report from the Seattle Times, the dreaded ransomware hit a Boeing production plant in Charleston, South Carolina on Wednesday.

“All hands on deck,” reads an internal memo issued by Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering.

“It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,” 

The executive was concerned about the impact of the infection on the equipment used to test airframes after they roll off the production line.

What about if the infection will spread to other systems?

VanderWel was scared by the possibility that the WannaCry ransomware could “spread to airplane software.”

Of course, this scenario seems not possible because the airplane software is no more connected to another network that could be hit by a malware. In the past, the in-flight entertainment systems were sharing the same network used by systems running airplane software making possible a cyber attack.

“We’ve done a final assessment,” said Linda Mills, the head of communications for Boeing Commercial Airplanes. “The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”

“It took some time for us to go to our South Carolina operations, bring in our entire IT team and make sure we had the facts,” she added.

On Wednesday afternoon, Mills provided further details on the WannaCry infection that hit the Boeing production plant:

“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems,” she said. “Remediations were applied and this is not a production and delivery issue.”

In May 2017, WannaCry ransomware infected systems in more than 150 countries worldwide relying upon the EternalBlue Windows exploit.

WannaCry exploits a Microsoft Windows SMB vulnerability using an exploit stolen from the NSA arsenal and leaked by the Shadow Brokers hackers.

WannaCry, such as other wipers and ransomware, represents a serious threat to a manufacturing environment.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Wannacry ransomware, Boeing plant)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

CEO of cybersecurity firm charged with installing malware on hospital systems

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma's…

6 hours ago

JPCERT warns of DslogdRAT malware deployed in Ivanti Connect Secure

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti…

20 hours ago

SAP NetWeaver zero-day allegedly exploited by an initial access broker

A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at…

22 hours ago

Operation SyncHole: Lazarus APT targets supply chains in South Korea<gwmw style="display:none;"></gwmw>

The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a…

1 day ago

Interlock ransomware gang started leaking data allegedly stolen from leading kidney dialysis firm DaVita

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company…

1 day ago

Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients

Yale New Haven Health (YNHHS) announced that threat actors stole the personal data of 5.5…

2 days ago

This website uses cookies.