WannaCry continues to wreak havoc worldwide - Honda, RedFlex among the victims

More than a month after the first WannaCry outbreak, the virus continues to infect machines worldwide

Almost everyone heard about the initial WannaCry cyber attack that started on May 12. Luckily, shortly after the first WannaCrypt0r outbreak a malware researcher that goes under MalwareTech nickname stopped the attack^[1] by registering the domain that the ransomware addresses before encrypting files on the target computer.

However, was this enough to stop the cybercriminals from using the illegal software to extort inattentive computer users? Unfortunately, not. The VirusActivity.com reveals that WannaCry continues to wreak havoc on a global scale.

It’s been more than a month since the initial cyber attack; however, updated Wanna Cry versions continue to spread^[2]. After getting so much media coverage, the infamous ransomware became an example to wannabe cybercriminals, who attempted to create no-kill-switch or even Android versions^[3] of the virus.

However, these versions weren’t as sophisticated as the original ransomware which managed to infect giant companies like Honda, Renault, and Nissan.

As soon as more information about the real virus emerged, experts started speculating what are the origins of the infamous virus. Some security researchers were quick to blame North Korea for the cyber attack. According to them, some code parts of the virus match previously analyzed malware used by North Korea hacking group known as Lazarus^[4]. North Korea later denied playing a role in the cyber attack.

Although the media has been publishing ransomware prevention tips and tricks, it seems that a large number of people failed to install the most important updates to their Windows computers that prevent WannaCry virus from infecting the system. These unpatched Windows OS are open to the virus that leverages SMB vulnerability to compromise the target system.

WannaCry forces Honda to temporarily shut down production in car plant in Japan

According to Reuters report^[5], Honda was forced to halt production at one of its car factories after its been struck with WannaCry ransomware. The company suspended the work in its Sayama car plant (Tokyo), temporarily stopping the production of models including Step WGN, Odyssey, and Accord.

The company noticed virus’ infiltration on Sunday, June 18. It appears that the virus has compromised company’s networks in Japan, Europe, North America, China and even other regions. However, production at other plants except the one in Sayama weren’t affected. Honda Motor, Co handled the attack, and the car plant continued the production the following day after it was halted.

It isn't the first case when the indicated ransomware attacks a car manufacturer. The malicious virus has previously hit Nissan and Renault, forcing them to suspend car production in India, France, Romania, Japan, and UK.

The same ransomware wreaks havoc in Australia – infects 55 traffic cameras

Victoria Police verified that the infamous ransomware was spotted rampaging in Australia recently. According to the report, the malicious computer virus compromised 55 traffic cameras, including speed and red-light cameras. The cameras belong to vehicle monitoring and enforcement service RedFlex which is a government contractor.

The incident was first reported via 3AW radio on June 22^[6] after the radio show host failed to get an appropriate response from authorities.

The compromised cameras operate without an Internet connection, and that means that someone responsible for their maintenance jeopardized them. It appears that cameras were infected with a USB containing the ransomware.

The cameras, however, continued to operate. The only issue that the ransomware caused was unexpected camera reboots, taking cameras offline for about 15 minutes or however long it takes for them to restart fully.

The system was patched to prevent the spread of the virus, and the Justice and Regulation Department is currently deleting the WannaCry virus from the compromised devices. The issue should be fixed within a couple of days.