The world continues to suffer consequences of WannaCry ransomware attack as computers are still being infected
Even those not particularly interested in cyber security could not help but notice or directly experience the havoc that WannaCry virus has brought to the world over a month ago. The attack has been terminated by the cyber community’s hero — a malware expert who calls himself MalwareTech. The researcher has identified a Command and Control server to which the malware connects before commencing with data encryption.
Unfortunately, cyber criminals were far from being put off by this minor setback. According to the virus activity investigators at VirusActivity.com, the malware has regenerated itself set off with a task to infect even more computers across the globe. Two months after its initial release, the virus is more active than ever and, to make matters worse is now followed by numerous lookalike versions created by other criminals who felt inspired by WCry’s success.
Naturally, virus spin-off versions did not make it as far as WannaCry; nevertheless, some of the more malicious virus variants managed to infect and cause considerable inconveniences for such major vehicle producers as Honda, Renault or Nissan.
Some cyber criminals even attempted to create malware versions with no kill-switch or viruses designed to target Android OS devices.
According to the experts, the follow-up virus versions were quite successful because even after the initial WannaCry attacks, people were reluctant to update their operating systems and install security patches. Thus, the virus could continue to exploit SMB vulnerability and infiltrate targeted devices.
North Korean hacker group believed to be behind the original virus
Origin of the WannaCry virus has fueled a lot of controversies, but one particular speculation has attracted exceptional attention. The idea was that the attacks were executed by a North Korean government-sponsored group of hackers called Lazarus. Malware researchers claimed that sections of the WCry code matched previously examined samples of malicious Lazarus creators. While North Korea rejects such accusations, we can’t be sure whether they really did not take part in the attacks.
Honda forced to terminate vehicle manufacturing plant in Japan because of WannaCry
Honda’s production unit Sayama in Tokyo is now up and running, but the plant had to be temporarily shut down after WannaCry has slipped into one of the company’s computers and blocked them, Reuters reports. The incident was reported on June 18, luckily, IT department managed to revive the network and computers were running as usual the next day already.
Honda is a huge company and owns establishments in Europe, North America, China and other parts of the world, but none of these branches were affected during the Sayama attack.
Nissan and Renault suffered halts in their production belts located in India, Romania, UK, Japan, and France for the very same reasons.
Virus takes down 55 traffic cameras in Australia
Australian police statement issued on June 22, reveals that 55 traffic cameras, including red-light and speed cameras in Australia, have stopped working for about 15 minutes after the traffic monitoring system has been hit by WannaCry.
Managed by a company called RedFlex, these cameras work offline, so the attack had to be executed from within, potentially by someone in charge of the system maintenance. It could be a simple USB drive that helped ransomware get inside the system.
Fortunately, the devices were easily fixed by restarting them and their out-of-service time lasted as long as it took for the cameras to reboot fully.