Boeing has said it contained a ‘limited’ attack on a production facility by the WannaCry virus, after an engineer sent an alarming memo warning it could ‘spread to airplane software.
The attack by the feared ransomware, which crippled the UK’s National Health Serivice last year, hit a Boeing commercial airplane assembly facility in North Charleston, South Carolina on Wednesday.
‘It is metastasizing rapidly out of North Charleston and I just heard 777 (automated spar assembly tools) may have gone down,’ Mike VanderWel, chief engineer at Boeing Commercial Airplane production engineering wrote in a memo calling for ‘All hands on deck’, the Seattle Times reported.
VanderWel added his concern that the virus could hit equipment used in functional tests of airplanes and potentially ‘spread to airplane software.’
The 787 Aft Body manufacturing area is seen at Boeing South Carolina in North Charleston, South Carolina in a file photo. The facility was attacked by WannaCry on Wednesday
The attack triggered widespread alarm within Boeing, but by later in the day the company was calling for calm.
‘A number of articles on a malware disruption are overstated and inaccurate,’ Boeing said in a statement a little after 7pm.
‘Our cybersecurity operations center detected a limited intrusion of malware that affected a small number of systems. Remediations were applied and this is not a production or delivery issue,’ the statement said.
Boeing spokeswoman Linda Mills told the Times that the vulnerability was ‘limited to a few machines’.
She said software patches were deployed and there was no interruption to 777 production or any other program.
Boeing Dreamliner 787 planes sit on the production line at the company’s final assembly facility in North Charleston, South Carolina in a file photo. The attack was quickly contained
WannaCry first gained infamy in May of 2017, in a series of attacks in countries around the world.
The UK National Health Services was one of the largest victims of that attack, with over 70,000 devices in English and Scottish hospitals infected. In all, some 200,000 computers were infected across 150 countries.
In December, the US government publicly declared that it considered North Korea to be responsible for that attack.
Microsoft issued a patch in April 2017 that fixes the vulnerability in Windows software that WannaCry exploits.
However, some companies with specialized equipment do not frequently update their custom software, for fear patches will damage the systems.