PINDROP BLOG

WannaCry Still Causing Trouble a Month On

More than a month after the WannaCry ransomware began making its way through networks around the world, the worm still is causing serious trouble in some places. Honda this week had to shut down an auto assembly plant temporarily due to a WannaCry infection, and the ransomware also has hit traffic cameras in Australia.

Officials at Honda said the company discovered the ransomware infection last weekend and on Monday had to halt production at a factory near Tokyo because of it. The infection and subsequent shutdown cost the company about a day’s worth of production, which is roughly 1,000 vehicles.

In Australia, meanwhile, the WannaCry ransomware infected more than 50 traffic cameras in Victoria. The infection began when a technician connected a USB drive infected with the malware to the cameras, according to a report by Bleeping Computer.

WannaCry has been infecting machines of all different kinds since May, when it began spreading through hospitals and other organizations in the U.K. and Europe. The ransomware is the first major self-replicating worm of its kind and had a devastating effect on many of the organizations it infected. WannaCry not only has the ability to spread on its own, but it also uses an exploit for a vulnerability discovered by the NSA that later was leaked as part of the Shadow Brokers dumps.

Researchers have been able to stem the spread of the ransomware through the use of a couple of kill-switch domains that were hard coded into WannaCry, cutting off the worm’s spreading mechanism. But as the Honda and traffic-camera infections show, the ransomware hasn’t gone away completely.

CC By-sa license image by Dave Dugdale

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS