WannaCry Is Back – LG Had to Shut Down Its Systems for Two Days
WannaCry seems to be back already as LG reports discovering it on a self-service kiosk in South Korea earlier this month. The consumer electronics giant had to shut down parts of its network for over two days.
When WannaCry ransomware hit businesses earlier this year, it managed to infect over 300,000 devices. The outbreak pushed many to suspend their work since attackers had taken control of their devices and data. It could have affected even more businesses if it hadn't been "accidentally" stopped by Marcus Hutchins (who has been accused by the US of selling Kronos banking malware). While Microsoft had already fixed the flaw used by WannaCry's creators back in March, it also released an emergency patch for Windows XP and other Windows versions that were out of support.
"Enable Windows Update, update and then reboot," Hutchins had asked everyone. But at the time, Hutchins had also warned that "the attackers will realise how we stopped it, they’ll change the code and then they’ll start again." Apparently, attackers don't even need to change the code, since there are plenty of machines that still haven't been updated.
LG hit by WannaCry ransomware
Back in the real world, not many actually installed that emergency security update. Compared with individual users' machines, businesses are at the greatest risk and are almost always the last to install the latest security updates. Microsoft had released an emergency patch to fix the vulnerability in Windows' Server Message Block (SMB) v1 networking protocol. Despite the patch being available since May for everyone, several businesses have yet to install this critically important update.
Now, LG has confirmed that it had to shut down parts of its network for two days after its systems fell victim to WannaCry ransomware.
"We analyzed the malicious code that caused delays at some service centers on Aug 14th with the help of KISA [Korea Internet & Security Agency] and confirmed that it was indeed ransomware. According to KISA, yes it was the ransomware known as WannaCry," an LG spokesperson told ZDNet. The consumer electronics manufacturer had to block access at the infected service center to make sure it didn't spread to other parts of the organization.
WannaCry isn't the only ransomware strain that was discovered exploiting these flaws: a number of new ransomware campaigns started in its wake, all using the same leaked NSA exploit. Government agencies have so far blamed North Korea for the ransomware outbreak. Whoever is to blame for the outbreak already cashed out, earlier in August, the bitcoin wallets they used to receive the ransom money.
LG says it hasn't lost any data and hasn't paid any ransom. The company also said that the security updates have now been installed on the infected machines.