Boeing is the Latest WannaCry Ransomware Victim
The alarm bells were blaring this week at Boeing. In the early hours Wednesday morning, computers on the aerospace giant’s network were being attacked by the WannaCry virus.
WannaCry hasn’t been in the headlines for quite some time, at least not because of high-profile infections like this one. Most of the WannaCry incidents that made the news happened last summer. In December, WannaCry was in the news again when authorities from the U.S., U.K., and Australia formally pinned the attacks on North Korea.
Some victims were hit extremely hard by the ransomware. A Boeing spokesperson said the infection was “limited to a few machines,” without mentioning specific numbers. Another an earlier internal communication had reported that the infection was “metastasizing rapidly,” which is WannaCry’s trademark.
It spreads incredibly quickly to vulnerable machines thanks to a combination of NSA exploits that were leaked by the infamous Shadow Brokers. Patches that protected most Windows users from those exploits were released by Microsoft in March of 2017. Those still running XP received an emergency patch two months later in an unprecented move by Microsoft.
If machines on Boeing’s network were infected, they were lacking this critical update. At best, that means they were 10 months late installing an update that Microsoft considered to be of the highest urgency. At worst, it was a full year.
It’s widely known that big operations like Boeing run outdated software. Systems that play a vital role sometimes depend on very specific hardware or programming that could be negatively impacted by upgrading. Ignored for too long, however, those systems become a serious liability — especially when not properly isolated from the rest of a network.
Given WannaCry’s destructive nature, the Boeing outbreak could’ve been much more serious. Fortunately, it’s much easier to fend off a WannaCry attack today than it was 10 months ago.
*This article is by Lee Mathews, and was originally published on Forbes.com