Boeing was hit by the WannaCry computer virus Wednesday, initially raising fears within the company that airplane production could be affected. Later Boeing played down the impact and called it a “limited intrusion” with production unaffected.
Boeing was hit Wednesday by the WannaCry computer virus, initially raising fears within the company that it could cripple some vital airplane production equipment.
Later, the company played down the impact and said production was unaffected.
After the cyberattack struck, Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out an alarming memo calling for “All hands on deck.”
“It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,” VanderWel wrote, adding his concern that the virus could hit equipment used in functional tests of airplanes ready to roll out and potentially “spread to airplane software.”
Most Read Business Stories
Late Wednesday afternoon, however, Boeing issued a statement dialing back those fears.
“Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems,” Boeing said. “Remediations were applied and this is not a production and delivery issue.”
Nevertheless, the attack triggered widespread alarm within the company.
VanderWel’s message said the attack required “a battery-like response,” a reference to the 787 in-flight battery fires in 2013 that grounded the world’s fleet of Dreamliners and led to an extraordinary three-month-long engineering effort to find a fix.
“We are on a call with just about every VP in Boeing,” VanderWel’s memo said.
Hacks and fixes
The WannaCry virus, which exploits a flaw in Windows software to gain access to a network, attacks computers using “ransomware.”
It was designed to lock users out of their data by encrypting files until they pay a fee, sometimes in cryptocurrency, or other type of ransom.
Ransomware attacks have increased in recent years. The city of Atlanta experienced a five-day ransomware attack that was mostly fixed by Tuesday.
However, Jake Williams, founder of cybersecurity consultancy Rendition Infosec, said the ransomware part of the WannaCry virus is broken and there’s actually no way to pay a ransom that will retrieve files once encrypted.
The WannaCry virus first surfaced in a May 2017 worldwide cyberattack. Once a single computer is infected it can spread to all Windows computers on a network.
At the time, the Trump Administration blamed North Korea for the attacks.
Microsoft issued patches to plug the vulnerability. However, Corey Nachreiner, chief technology officer of Seattle security technology firm WatchGuard Technologies, said some companies with specialized equipment don’t update very often for fear their custom-built systems will be in danger.
Microsoft declined to comment on the Boeing cyberattack.
Mitchell Edwards, a Dallas, Texas-based cyberthreat intelligence analyst, said that although a so-called “kill switch” fix for the WannaCry virus was quickly developed, other hackers were also quick to produce WannaCry variants that could defeat the fix.
He said the virus used to attack Boeing was unlikely to be the original WannaCry virus but an updated version.
Production systems hit recently
Edwards also said the virus could have spread to Windows workstations used, say, by engineers to monitor or test production equipment but not to the production equipment itself.
He said the virus is unlikely to have had a big impact on production.
“Obviously, Boeing isn’t going to be running its entire production network on Windows,” he said. “I hope not. So it’s likely a limited infection.”
Williams of Rendition Infosec was less optimistic about that.
He said he knows of three manufacturing companies, two of them now his clients in the U.S., that suffered production stoppages due to WannaCry infections in the last six months.
He said one plant was down for 24 hours, another for 96 hours. In both cases, configuration files that controlled machines were lost and systems had to be re-installed from scratch before production could restart.
He declined to name the companies because of nondisclosure agreements.
“Tons of manufacturing equipment runs on Windows. I was surprised,” said Williams.
In addition, he said, some factory equipment runs on Windows Embedded, which is a variant of the operating system used in computer-controlled machines.
An infection of the Windows Embedded machines “absolutely will bring down a plant,” he said.
Once the Boeing cyberattack news broke, some on social media raised the “nightmare scenario” of the virus infecting an airplane’s control software and possibly triggering a ransomware demand while in the air.
Edwards dismissed this as “hysteria.” Nachreiner and Williams agreed.
“I don’t think that’s realistic,” said Williams. “I don’t think any of Boeing’s planes or any aircraft anywhere run Embedded Windows. It’s not suitable for applications that require consistent, real-time availability without delay because lives depend on it.”
In contrast, Williams said the threat to production systems is real, though solvable.
“I’ve seen three stoppages in the last six months and I don’t think this will be the last,” he said. “If you are in manufacturing today, you need to do some preparations. It’s easy to shut this thing down.”
His company has produced a free software fix called Tearstopper that he said prevents WannaCry viruses from encrypting files.