On Wednesday, August 16th, representatives for LG South Korea confirmed they were the victim of a cyber attack, which hit them on Monday morning. The spokesperson for LG stated that it appears to be WannaCry, but this has not yet been confirmed. LG did not hesitate to report the incident to the proper authorities, the Korea Internet & Security Agency (KISA) in particular. The attack was identified after malicious code was found to be causing delays at their service centers. When staff noticed a few infected kiosks, they shut down all of them.

The Korea Herald reported the LG spokesperson as saying:

“The problem was found to be caused by ransomware. There was no damage such as data encryption or asking for money, as we immediately shut down the service center network.”

However, KISA has stated that there may still be more to worry about:

“We found samples of the malicious code (found in LG’s kiosks) were identical to the WannaCry ransomware attack. More investigation is still needed to determine the exact cause.”

After a few kiosks had been infected, the staff had to install an update on the remaining kiosks that were not infected. Specifically, they were installing the MS17-010 update for Windows SMB Server, which was released on March 14, 2017. This suggests that, despite the patch being released months ago, LG South Korea had failed to apply it.

Cyber Experts Surprised

After the massive WannaCry campaign that impacted over 200,000 computers, businesses would have been expected to rush to protect themselves from becoming victims. The most high-profile victim of WannaCry was the UK’s National Health Service (NHS), where the delays prevented large numbers of people from accessing healthcare. Sadly, though, a security rush is not what happened. Instead, many security experts have been disappointed with the lack of action from the private sector. Such an oversight could be forgiven from an unaffected small business, but in this case a large organization like LG Electronics should have understood what was at stake.

According to new research published by Tripwire, two-thirds of cyber security professionals believe their organizations have not made critical security improvements since the two global cyber attacks. Tim Erlin, Vice President at Tripwire, has stated that:

“…All it takes is one data breach or another WannaCry and your company has lost data, money, credibility and most importantly, customer trust, which is one of the most difficult things to recover.”

Assumptions

Blame for the development of WannaCry was placed on North Korea, but they’ve outright denied this allegation. Based on the timing of this attack, blame for it may soon be directed at North Korea as well. There was also no request for money, as stated above, which lines up with the trend toward destruction-oriented malware that Kaspersky identified earlier this month.

Prevention

When it comes to preventing a WannaCry infection, a message from Dean Ferrando, EMEA Manager at Tripwire, sent to SC Magazine in the UK sums up exactly what needs to be said:

“Some simple controls that could help prevent the spread of the WannaCry outbreak can be adopted with minimal cost to companies and as these controls have not been applied, we will hear more additional outbreaks. Companies that haven’t recovered would suggest a more severe problem – no disaster recovery plan, backups or no internal process or control to apply patches and secure systems. It could be that these companies need to recover the encrypted data to resume operations, and if that’s unlikely, may have to start again in rebuilding their systems, or reverting to old backups.”

Do you think WannaCry will make an even more aggressive comeback before year end?