The WannaCry ransomware epidemic hit hard: the malware went on to infect over 300,000 victims around the globe, causing chaos.
Factories, the UK’s National Health Service, the Russian postal service and even Chinese government agencies were amongst the victims of the indiscriminate WannaCry attack before the outbreak was brought under control – although not before costing billions in damages and lost productivity.
Microsoft issued patches and, after the initial scramble to secure systems, the focus shifted towards working out who launched the attack, with both private cybersecurity firms and government agencies pointing towards North Korea as the culprit behind the incident.
But that wasn’t the end. Over a month on from the initial outbreak, WannaCry is still claiming victims. On Sunday 18 June, car manufacturer Honda was forced to shut down one of its production facilities because systems were infected with WannaCry.
The Japanese firm temporarily halted production at its Sayama plant after it was discovered that the malware worm had infected networks across Japan, North America, China and more.
Located north-west of Tokyo, the Sayama plant was the only manufacturing facility to have production impacted by the outbreak after being shut down on Monday, halting production of around 1,000 cars – the daily output of the facility.
No other production facilities were impacted in this way and work at the plant resumed as normal on Tuesday, the company told ZDNet, adding it will “take every step to further strengthen the security of the systems”.
Just days later, WannaCry hit 55 speed cameras in Victoria, Australia, with the infection thought to be the result of human error when an infected USB was inserted by someone carrying out maintenance. Fortunately, the offline nature of the devices means the ransomware couldn’t spread to other networks.
So why is WannaCry still causing problems for organisations over a month on from the initial epidemic?
Much of it comes down to the worm-like properties of the ransomware, which uses EternalBlue, a leaked NSA tool which leverages a version of Windows’ Server Message Block (SMB) networking protocol to spread itself.
And now that the worm is out in the wild, it is still attempting to find computers to infect – all while powered by some systems it infected in the first outbreak.