The WannaCry incident is indeed going to be remembered in history as one of the most devastating and dreadful ransomware attacks. Not only did it affect the victims shortly after its release, but its self-spreading mechanism is still causing havoc.
The latest report reveals that the ransomware has attacked a Honda plant in Sayama, located northwest of Tokyo. As a result, the automobile giant was forced to shut down its operations on the 19th of June to avoid any further accidents.
The WannaCry malware
Little did Honda know that after the outbreak in mid-May, the ransomware would still be lurking in cyberspace and would set foot in one of Honda’s plants, where more than 1,000 cars are manufactured.
The ransomware was found in Honda’s systems on the 18th of June and, as expected, the entire network was severely affected.
The tools included EternalBlue and DoublePulsar, which were used to install the malware on a system and allow it to spread to computers running Windows operating systems. The malware essentially exploited a vulnerability in Windows’ Server Message Block (SMB) protocol.
Once the ransomware is loaded onto a system, it encrypts all the files, and the user can only access them again by paying a ransom in Bitcoin. It was reported that the ransom amounted to USD 300.
Just two days after the attack, it was reported that as many as 200,000 users had been infected in 150 countries, and those affected included large organizations such as the entire British National Health Service (NHS).
As far as Honda is concerned, although the effects are significant, other plants have not been affected.
Andrew Clarke, the director of One Identity, stresses that these incidents compel organizations more than ever before to spruce up their security and regularly check their networks to identify any inconsistencies.
Clarke also stated that individuals can usually access an organization’s system for a short time, although not indefinitely. However, this is enough for unscrupulous attackers to find a loophole in the system and abuse those privileges.
Indeed, with the advent of WannaCry, ransomware attacks have reached record-high levels, with network-level malware being released very frequently. This implies that attackers need only a small amount of time to find a particular vulnerability and exploit it to their advantage.
Case in point: just recently, ransomware named Erebus infected the networks of NAYANA, a web hosting company in South Korea. As many as 3,500 clients operating on NAYANA’s platform were affected.
The firm was then forced to pay a 1 million USD ransom to get their files back. As for the Erebus malware, it was designed to infect Linux-based networks, and it did so quite effectively, so much so that the company was compelled to pay more than a million dollars in ransom to have their system restored.