Boeing production plant infected with WannaCry ransomware

According to a report from the Seattle Times, the dreaded WannaCry ransomware hit a Boeing production plant in Charleston, South Carolina on Wednesday.

WannaCry is back, this time it infected some systems belonging to US aircraft manufacturer Boeing.

According to a report from the Seattle Times, the dreaded ransomware hit a Boeing production plant in Charleston, South Carolina on Wednesday.

“All hands on deck,” reads an internal memo issued by Mike VanderWel, the chief engineer at Boeing Commercial Airplane production engineering.

“It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,” 

The executive was concerned about the impact of the infection on the equipment used to test airframes after they roll off the production line.

What about if the infection will spread to other systems?

VanderWel was scared by the possibility that the WannaCry ransomware could “spread to airplane software.”

Of course, this scenario seems not possible because the airplane software is no more connected to another network that could be hit by a malware. In the past, the in-flight entertainment systems were sharing the same network used by systems running airplane software making possible a cyber attack.

“We’ve done a final assessment,” said Linda Mills, the head of communications for Boeing Commercial Airplanes. “The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”

“It took some time for us to go to our South Carolina operations, bring in our entire IT team and make sure we had the facts,” she added.

“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems,” she said. “Remediations were applied and this is not a production and delivery issue.”

In May 2017, WannaCry ransomware infected systems in more than 150 countries worldwide relying upon the EternalBlue Windows exploit.

WannaCry exploits a Microsoft Windows SMB vulnerability using an exploit stolen from the NSA arsenal and leaked by the Shadow Brokers hackers.

WannaCry, such as other wipers and ransomware, represents a serious threat to a manufacturing environment.

Pierluigi Paganini

(Security Affairs – Wannacry ransomware, Boeing plant)

[adrotate banner=”5″]

[adrotate banner=”13″]