News

Boeing WannaCry run-in is a reminder to patch your systems

File photo of A Boeing 737 MAX is sitting outside the hangar during a media tour of the Boeing 737 MAX the Boeing factory in Renton, Washington, Dec. 8, 2015. (REUTERS/Matt Mills McKnight)

WannaCry is making headlines again, and this time hit a key objective: to Boeing. The aerospace company quickly recognized the infection, which distributed only a few dozen computers.

“Our cybersecurity operations center detected a limited penetration of malware that the influence of a small number of systems. Remediations were applied, and this is not a production or delivery issue,” the company said in a statement.

Boeing no details about the attack, but said that the first reports of a devastating attack “exaggerated and inaccurate.” Only computers with Boeing for commercial aviation were affected; the company’s defence and services lines.

WannaCry originally appeared in May 2017, infecting unpatched Windows systems with the help of the leaked NSA hacking tech. More than 200,000 machines were hit in what is already quickly a computer worm. Fortunately, a security researcher enabled a “kill switch” in the ransomware which effectively neutralized the attacks —but not quite.

More From PCmag

  • Offers: $100 Off iPad Mini 4, $100 Bonus Gift Card With Xbox One X

  • iOS 11.3 Comes With the Health of the Battery Functions, and More

  • Hands On With the Intel Hades Canyon’ Mini-game-PC

  • Windows Chief Terry Myerson Leaving Microsoft

The kill-switch has an important disadvantage: it can only prevent new WannaCry infections when the destination computer is able to reach online on a special website of the domain. The ransomware will be told to resign. What happens when a machine is not up to the special web-domain? Well, then there is nothing to hold the infection back. Security researchers say that the ransomware will attack the computer, encrypting all the data within.

The threat is particularly relevant for companies that are Windows-based systems with limited or no access to the internet. “Most of the systems within a production network is not configured to talk to the internet,” said Jake Williams, founder of IT security provider View Infosec. “As a result, they can not have access to the kill-switch domain.”

How Boeing was infected with WannaCry is not clear. But the company is not alone. Williams said that he knew of at least three other organizations to get the production shut-down of new WannaCry infections over the last six months. In one case, a supplier mistakenly an unpatched laptop with a live WannaCry infection in a corporate network.

“We think that it is infected when a other client was the seller, hibernated, and then to the new site,” Williams said. The infection is then “pulled by the network, like a hot knife through butter,” he added.

On this day, some computers continue to be live carriers of WannaCry. These machines probably became hosts of the ransomware for the kill switch was activated, but for whatever reason never ended. They continue scanning the internet for unpatched Windows systems in an attempt to spread. However, the infections are harmless, except for the access to the kill-switch is denied, said Salim Neino, CEO of security provider by Kryptos Logic. “Systems that do not connect or to the right are at serious risk,” he added.

Companies that want to eliminate any run-ins with the infamous ransomware should install the Microsoft patches, which can stop the threat.

This article originally appeared on PCMag.com.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most popular