Is WannaCry back? ‘Identical’ ransomware hits LG in Korea

17 Aug 2017

1

The WannaCry attack that had hit computers across the globe in May this year may be back. LG's service centres in South Korea were reportedly hit by a ransomware attack this week, with authorities revealing that the ransomware's malicious code was "identical" to WannaCry.

Users of LG's South Korean self-service kiosks were experiencing issues accessing the service on Monday (14 August), according to International Business Times.

The issue was reported by LG to the state-run Korea Internet and Security Agency (KISA), who confirmed the ransomware attack. "More investigation is still needed to determine the exact cause," KISA said in a statement, the Korea Herald reported.

"The problem was found to be caused by ransomware," a spokesperson for LG said. "There was no damage such as data encryption or asking for money, as we immediately shut down the service centre network."

It is still unclear how the attack occurred and whether the ransomware used contains the original WannaCry code or a different variant of it.

Earlier this month, WannaCry hackers cleaned out their Bitcoin ransom accounts and later began converting the money to the anonymous cryptocurrency Monero, in efforts to hide their tracks.

Authorities across the globe are still pursuing the perpetrators behind the attack, which in May affected numerous businesses across nearly every nation in the world.

Security experts as well as law enforcement officials, including the GCHQ, have previously suggested that North Korean state-backed hackers may be behind the WannaCry attacks. Security experts had also previously revealed that the WannaCry ransomware was developed with code borrowed from NSA hacking tools that were leaked in April by the Shadow Brokers.

The attack on South Korean LG service centres also indicates that despite Microsoft already having pushed out patches addressing the leaked NSA SMB exploits used to propagate the WannaCry and NotPetya attacks, not all businesses may have updated their systems. This means that there may still be various global businesses that remain vulnerable to such ransomware attacks.

In May, WannaCry has infected more than 300,000 computers in 150 nations, starting with the UK's National Health Service. It threatened to lock out victims unless they pay a certain sum within one week of infection, usually in the virtual currency bitcoin (See: Don't reboot: group of experts finds WannaCry fix).

Business History Videos

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more