The WannaCry ransomware worm is still having an impact on organizations around the world, more than a month after it first emerged. The latest victims appear to be Honda Motor Co. in Japan and traffic cameras in Australia.
WannaCry first struck organizations on May 12 by abusing the MS17-010 vulnerability that Microsoft had patched in March. WannaCry exploits unpatched Server Message Block (SMB) services on Microsoft operating systems to gain access and then encrypt data, holding it for ransom until the victim pays up.
According to a Reuters report on June 21, Honda shut down production at its Sayama plant, where it manufactures approximately 1,000 cars a day including the Accord sedan and Odyssey minivan. The plant was only shut down on June 19, with normal operations restored on June 20. Honda reportedly discovered the WannaCry infection on June 18 at Sayama, with no reports of its other plants being impacted.
While WannaCry was slowing production of vehicles in Japan, it might have helped drivers in Australia go a bit faster. Australian authorities reported on June 22 that more than 50 traffic cameras were infected with WannaCry.
Security firms continue to track WannaCry and expect that it will remain an active threat risk for some time to come. Gavin Millard, technical director at security vendor Tenable Network Security, said he’s not surprised that WannaCry is still causing problems. Simply put, just because a vulnerability is known and has been patched by a vendor doesn’t mean that it’s a solved issue.
“Conficker and MS08-67, the main vulnerability it exploited, is still popping up on occasion nine years after it began infecting millions of systems around the world,” Millard stated. “Of course, just patching these bugs isn’t always simple, as it could cause disruption to the organization.”
Millard suggests that compensating controls must be put in place and proper, risk-based decisions must be made to help reduce the risk of threats like WannaCry.
Jonathan Penn, director of strategy at security vendor Avast, said to date, 1.3 million WannaCry encounters in 153 countries have been observed by his firm, all of which were attacks that were stopped in their tracks.
“Last month’s global WannaCry attack was—or at least should have been—a wake-up call that security should be proactive, not reactive,” Penn stated. “Planning ahead is even more critical when business operations are at stake.
“Companies like Honda should be aware of the tools and resources available to them to secure their networks and ensure business continuity,” he added.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.