Ransomware has infected self-service kiosks at some service centers operated by the multinational conglomerate LG Electronics.
On 14 August, the electronic giant discovered that its kiosks were suffering from access problems. It subsequently took the kiosks offline and reported the issue to the Korea Internet & Security Agency (KISA), a web security subsidiary organization which operates under South Korea’s Ministry of Information. It didn’t take long for KISA to discover the source of LG’s troubles.
As a spokesperson for the agency told The Korea Herald:
“The problem was found to be caused by ransomware. There was no damage such as data encryption or asking for money, as we immediately shut down the service center network.”
It’s unclear how exactly the ransomware infected the kiosks at this time. But additional findings yielded by KISA’s investigation shed light on one possible delivery vector: unpatched Windows vulnerabilities.
The KISA spokesperson goes on to explain:
“We found that samples of the malicious code (found in LG’s kiosks) were identical to the WannaCry ransomware attack. More investigation is still needed to determine the exact cause.”
WannaCry made waves in May 2017 when it attacked the United Kingdom’s National Health Service (NHS), the telecommunications giant Telefonica, and other organizations. The ransomware demonstrated worm-like capabilities in that it self-propagated across vulnerable web-connected machines that suffered from an unpatched Windows bug. Using this distribution method, WannaCry affected more than 200,000 organizations in the month of May alone.
If LG Electronics’ kiosks did suffer a WannaCry infection, the incident suggests that the electronic giant didn’t apply all security updates made available by Microsoft. Dean Ferrando, EMEA manager at Tripwire, elaborates on this possibility and its relevance to the computer security industry for SC Magazine:
“… [M]any organisations are not good at applying software security updates. Applying available patches is one of the easiest ways to keep an organisation safe from new attacks however, the unfortunate truth is that, despite the warnings and advisories to patch and secure the systems, there will always be a system that is missed. Complacency could be another reason why new outbreaks are being discovered – some companies may feel that because they were not impacted in the immediate period of time afterwards, they won’t be infected as the controls they have in place are working without checking.”
Security isn’t a single event. It’s an ongoing process that requires constant attention. As a result, organizations should make an effort to protect themselves against ransomware threats like WannaCry by patching their systems on a regular basis, backing up their critical information, and conducing phishing simulations with their employees.
For more ransomware prevention strategies, click here.