A derivative of Microsoft Windows ransonware, Wannacry, has hit a Boeing production plant in Charleston, South Carolina. An internal memo from Mike VanderWel, chief engineer of Boeing Commercial Airplane production engineering, warned that the company's production systems and airline software were "at risk".
Wannacry was based on Microsoft Windows' CVE 2017-0144 which is used in the EternalBlue exploit kit. EternalBlue was initially utilized in apparent coordination with Microsoft's long delay in patching. Despite massve media spin, Wannacry was found to have hit all recent versions of Microsoft Windows.
From:
The Verge: Boeing production plant hit with WannaCry ransomware attack
The New York Times: Boeing Possibly Hit by ‘WannaCry’ Malware Attack
The Daily Express: Vital Boeing computer network INFECTED with WannaCry VIRUS - is it safe to fly?.
Related Stories
Symantec and FireEye have linked the recent WannaCry ransomware attacks to North Korea:
Cybersecurity researchers at Symantec Corp. and FireEye Inc. have uncovered more evidence tying this month's WannaCry global ransomware attacks to North Korea.
The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday. FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea. "The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators," Ben Read, a FireEye analyst, said in an emailed statement.
[...] The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical."
Also at NYT, Reuters, Ars Technica, and The Hill. Symantec blog (appears scriptwalled).
Here's a screenshot of Wana Decrypt0r 2.0. Note the Wikipedia licensing section.
The United Kingdom released its final report Friday on the WannaCry ransomware attacks that caused mass disruption in its hospital system, with a U.K. official saying the country believes the attacks originated in North Korea.
"This attack, we believe quite strongly that it came from a foreign state," Ben Wallace, a junior minister for security, told BBC 4 Radio, adding that the government was "as sure as possible" that nation was North Korea.
NHS 'could have prevented' WannaCry ransomware attack
The report said NHS trusts had not acted on critical alerts from NHS Digital and a warning from the Department of Health and the Cabinet Office in 2014 to patch or migrate away from vulnerable older software.
The Department of Health also lacked important information, the report said. "Before 12 May 2017, the department had no formal mechanism for assessing whether NHS organisations had complied with its advice and guidance."
Organisations could also have better managed their computers' firewalls - but in many cases they did not, it said.
NHS organisations have not reported any cases of harm to patients or of their data being stolen as a result of WannaCry.
Also at NPR.
(Score: 2) by Grishnakh on Thursday March 29, @03:18PM (2 children)
What kind of moron uses Microsoft Windows on critical computing systems? They're getting exactly what they deserve. I hope they go out of business and get acquired by Airbus for pennies on the dollar.
(Score: 2) by Gaaark on Thursday March 29, @03:21PM
And might I just add "Hahahaha hahahaha hahaha.....etc"
Window is a gaming platform at best. Critical systems? Idiots.
--- That's not flying: that's... falling... with more luck than I have. ---
(Score: 0) by Anonymous Coward on Thursday March 29, @03:26PM
Your boss and his golfing buddies do.
(Score: 1, Insightful) by Anonymous Coward on Thursday March 29, @03:28PM
... I have no idea why people use Windows for anything.
With billions of dollars of IP on the line, you'd think that these wealthy corporations would band together to developer an operating system that really appreciates security.
Then again, these wealthy corporations suck on Uncle Sam's golden teat. What do they care? They'll still have an income—they'll probably get a tax break for the losses.