American plane manufacturer Boeing (NYSE: BA) is the latest victim of the WannaCry computer virus. The company says that the attack caused minimal damage. A Boeing official further specified that the virus impacted a limited number of older systems.
The WannaCry virus exploits a flaw in Windows software to gain access to a network. It was designed to lock users out of their data by encrypting files until the user pays a fee or other type of ransom. Once a single computer is infected, it can spread to all Windows computers on a network.
The WannaCry virus first surfaced in a May 2017 worldwide cyberattack. During that attack, WannaCry affected hospitals, banks and governments in several countries. The amount of ransomware infections dropped sharply after July, but are still occurring.
Several manufacturing companies have suffered production stoppages because of WannaCry infections in the last six months. The city of Atlanta recently experienced a five-day ransomware attack. The hackers demanded the equivalent of about $51,000 in bitcoin to unlock the city’s systems. Investigators, including the Federal Bureau of Investigation, are working to figure out the identity of the culprits.
The infection at Boeing could have come from a dormant version of the original virus or an updated WannaCry version. Microsoft issued patches to fix the flaw, but some companies with specialized equipment don’t update very often, leaving their systems vulnerable. Other hackers have also produced WannaCry variants that could defeat the fix.
An initial report by chief engineer Mike VanderWel at Boeing Commercial Airplane production engineering expressed concerns that “the virus would affect equipment used in functionality tests of airplanes and potentially ‘spread to airplane software’.” Those fears appear to be unfounded.
The company’s statement said, “Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production and delivery issue.”
The attack at Boeing was apparently limited to computers in the Commercial Airplanes division. The military and services units were not affected. Linda Mills, the head of communications for Boeing Commercial Airplanes, said, “The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”