South Korean security authorities reportedly said the code used in a ransomware attack on LG Electronics’ service centres on 14 August was the same as the WannaCry code.
The company shut down the self-service kiosks to halt the spread of the ransomware and reported the incident to the state-run Korea Internet & Security Agency (KISA), according to The Korea Herald.
“The problem was found to be caused by ransomware. There was no damage such as data encryption or asking for money, as we immediately shut down the service centre network,” the company said.
All the kiosks are reportedly working normally after the company said it completed “security updates” for the infected machines.
KISA said there is a possibility that the kiosks were affected by the WannaCry ransomware that infected more than 230,000 computers in over 150 countries in May.
“We found that samples of the malicious code were identical to the WannaCry ransomware attack. More investigation is still needed to determine the exact cause,” a KISA official said.
Although it is unclear whether the LG Electronics service centres were hit by WannaCry or a variant, it appears the company had not applied all the security updates available from Microsoft.
The fact that the WannaCry attack was able to spread using a server message block (SMB) vulnerability that Microsoft had already patched has highlighted that many organisations are not good at applying software security updates.
Failure to apply the Microsoft patches aimed at addressing the EternalBlue SMB exploit used by WannaCry could mean that many organisations are still vulnerable to malware using the exploit.
WannaCry was characterised by its use of EternalBlue, one of the NSA-developed exploits that were leaked by the Shadow Brokers hacking group. According to security researchers, these leaked exploits are a real game changer in malware creation, particularly the SMB exploits.
Organisations urged to be prepared
Security experts have urged all organisations to ensure they are patched up to date for all the leaked exploits, particularly EternalBlue and EternalRomance, which were both used for the NotPetya attacks a few weeks after the WannaCry attacks.
Companies around the world are counting the cost of the NotPetya attacks, with Danish shipping firm AP Moller-Maersk reporting the impact on its container shipping arm Maersk Line to be as much as $300m.
Security firm Check Point is also urging organisations to ensure they have applied the recently-released patch for CVE-2017-8620, which the company warns is an “especially dangerous vulnerability” because it affects all current versions of Windows.
An exploit of the vulnerability could enable cyber criminals to spread an attack between computers in the network in much the same way as EternalBlue did for WannaCry, the Check Point threat prevention team warned in a blog post.
They urged organisations to apply the patch for the vulnerability to avert another global attack like WannaCry.
“The writing is on the wall. Users and organisations must learn the lesson from the WannaCry attack, and upgrade their protections now before it’s too late,” they said.