Readers would be forgiven for thinking this an old news story from last year. However, as of Wednesday, March 28, 2018, the Seattle Times reported that Boeing, a world leader in aircraft design and their sales, was experiencing a WannaCry attack. The same WannaCry ransomware that made international headlines the year before.In May 2017 reports began surfacing of a ransomware worm that spread rapidly across numerous networks. The ransomware was dubbed WannaCry and once it infected a Windows-based system it encrypts files on the PC's hard drive, making them impossible for users to access, then demands a ransom payment in bitcoin in order to decrypt them. Based on that one would think it was just a run of the mill ransomware. There were, however, a few factors that made the new ransomware strain noteworthy. It struck a number of important and high-profile systems, including many in Britain's National Health Service; it exploited a Windows vulnerability that was suspected to have been first discovered by the United States National Security Agency; and it was tentatively linked by Symantec and other security researchers to the Lazarus Group, a cybercrime organization that may be connected to the North Korean government. All this combined made the attack a perfect cybercrime storm.
It was estimated after the initial attack that businesses and organizations across 150 countries could have lost upwards of a combined 4 billion USD. This figure is particularly staggering when one considers that in 2016, ransomware schemes resulted in caused losses of 1.5 billion USD, according to market researcher Cybersecurity Ventures. That includes lost productivity and the cost of conducting forensic investigations and restoration of data. While the potential losses from reduced productivity and efforts to mitigate the damage from WannaCry were significant, the actual ransom collected through the attack is likely to be modest. Cybercriminals behind the scam typically demanded 300 USD in Bitcoin to unlock a company's computers.
Initially, the news about the attack broke when Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering, sent out an alarming alert about the virus calling for “All hands on deck.” The memo went further to say that
“It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,”
and he added further concern that the virus could hit equipment used in functional tests of airplanes ready to roll out and potentially “spread to airplane software.”
Within the memo, VanderWel said the attack required “a batterylike response,” a reference to the 787 in-flight battery fires in 2013 that grounded the world’s fleet of Dreamliners and led to an extraordinary three-month-long engineering effort to find a fix. Boing quick to respond issued the following statement:
“A number of articles on a malware disruption are overstated and inaccurate. Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue.”
Linda Mills, the head of communications for Boeing Commercial Airplanes, further downplayed the severity of the attack stating:
“The vulnerability was limited to a few machines. We deployed software patches. There was no interruption to the 777 jet program or any of our programs.”
Atlanta also suffered a WannaCry Attack
Perhaps the panic felt by employees at Boeing initially before analysis of the problem could take place may be colored in part by what happened to government organizations in Atlanta the week before. City officials reported that departments of the state government were dealing with a ransomware cyber-attack. The attack caused outages on several computer systems. Online bill paying services and some law enforcement data was unavailable. Atlanta's courts also said they were unable to process ticket payments because of the breach, whether online or in person. Residents facing court cases for some low-level offenses received a reprieve of sorts due to the attack. In relation to these attacks, it is believed that WannaCry was the offending piece of Malware.
Five days after the Atlanta attacks began the state was still dealing with effects caused by the attack. It was reported that the impact of the cyber attack is still affecting Hartsfield-Jackson Atlanta International Airport, which shut down its WiFi system as a precaution. A notice on the website of the world's busiest airport said internet difficulties meant security wait times and flight information were unavailable and advised travelers to check with individual airlines. It was also further reported that a suburban town under 40 km away from Atlanta advised residents to monitor their bank accounts and credit report because a hacker may have gained access to a city server in Loganville, Georgia. The possible hacking occurred on March 15, and personal and financial information including Social Security numbers and banking information may have been compromised, the city announced Monday on Facebook.
While the Boeing attack may not have been as serious as initially expected such attacks can have major effects on production. The co-founder, Jake Williams, of Rendition InfoSec told the Seattle Times that he knows of three manufacturing companies, two of them now his clients in the United States that suffered production stoppages because of WannaCry infections in the last six months. One plant was down for 24 hours, another for 96 hours. In both cases, configuration files that controlled machines were lost and systems had to be reinstalled from scratch before production could restart. He declined to name the companies because of nondisclosure agreements. Such incidents serve to highlight how complex the fight against cybercrime can be. While a lot of attention and effort is attributed defending against new strains of malware older strains can still cause a lot of damage. Older strains are also continually updated to include more features or ways of infecting systems. WannaCry used a worm to infect multiple systems. Till that point worms, a product of the 90s were rarely used in modern attacks but still it proved to be massively effective.