Boeing reportedly hit by Wannacry ransomware

Boeing has reportedly been struck in a major way by Wannacry, the ransomware that spread like wildfire last year. The Seattle Times obtained a memo from Mike VanderWel, of the company’s commercial airliner division, describing the malware as “metastasizing rapidly.” A Boeing representative, however, indicated that the situation isn’t nearly that dire (see update).

Wannacry, you may remember, spread using a Windows exploit leaked from NSA files, demanded a modest sum in bitcoin to decrypt the victim’s files, and was stopped in dramatic fashion by a single person. Investigators confidently but, as with most attacks like this, circumstantially attributed the attacks to North Korea.

VanderWel’s memo says that the infection appears to have started in North Charleston, and for all we know is still spreading: “I just heard 777 (automated spar assembly tools) may have gone down,” he writes, and “airplane software,” whatever that term really means inside a company that makes airplanes, could be next.

Update: A statement from Boeing issued shortly after the original story went life downplayed the situation:

A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.

A Boeing representative also indicated to TechCrunch that the number of machines affected was in the dozens and that it had been contained with no impact to aircraft production. No details were available regarding how the ransomware was stopped or whether any data was successfully ransomed; I’ll follow up later to see if more information is available.

Although the attacks may have originated in North Korea and Boeing is of course a major defense contractor, it would be premature to connect those dots at this moment. Wannacry was far from a targeted strike; it was “indiscriminately reckless,” as one U.S. official rather redundantly put it, spreading geometrically and affecting soft targets like hospitals as well as individuals.

Wannacry’s initial flare-up may have been tamped down with the “kill switch” and subsequent patches addressing the exploit, but clearly it was not eliminated altogether — though this may very well be a mutation or modified version of the original software.

We’ve asked Boeing for more information and will update this story if we hear back.