LG Electronics has confirmed its systems were recently hit by a ransomware attack that used malicious code similar to that used by the WannaCry hackers in May.
LG Electronics subdued the ransomware attack by shutting down its service centre network and by patching systems with the latest updates from Microsoft.
“The problem was found to be caused by ransomware. There was no damage such as data encryption or asking for money, as we immediately shut down the service centre network,” said LG Electronics in a statement to the press.
The ransomware attack seemingly targeted self-service kiosks of LG Electronics in South Korea and took advantage of an SMB vulnerability that exposed Windows-based computers and other devices to ransomware attacks like WannaCry.
Following the WannaCry attacks in May, Microsoft released security patches to fix the vulnerability, but a large number of organisations have yet to update their systems with the latest patches.
The South Korean government’s Internet & Security Agency (KISA) is currently investigating the ransomware attack, but said that the malicious code used in the attack is very similar to that used by the hackers behind WannaCry.
As part of its August 2017 Patch, Microsoft released fixes for as many as 48 security issues present in the Edge browser, SQL Server, Adobe Flash Player, Internet Explorer and Microsoft Windows. Critical vulnerabilities like the Windows Search Remote Code Execution Vulnerability, Privilege Escalation with Windows Error Reporting, and the Windows Subsystem for Linux Denial of Service Vulnerability were also patched.
According to security firm Malwarebytes, unnecessary protocols like SMB should be done away with as they are vulnerable to hackers, and network segmentation should be adopted to keep outbreaks from spreading. At the same time, more emphasis should be laid on updating all systems to the latest versions of operating systems as well as on timely application of security updates.
“SMB is used to transfer files between computers. The setting is enabled on many machines but is not needed by the majority. Disable SMB and other communications protocols if not in use. Network Segmentation is also a valuable suggestion as such precautions can prevent such outbreaks from spreading to other systems and networks, thus reducing exposure of important systems,” it said.
Many reports indicate that many of LG Electronics’ systems had not been patched with the latest updates, and that the patches were applied only after its IT experts discovered the presence of the ransomware.
Dean Ferrando, EMEA Manager at Tripwire, believes that some companies, because they were not hit by the initial WannaCry attacks, assumed that their systems were secure and would not suffer ransomware attacks in the future. This led to a sense of complacency, and organisations failed to urgently update their systems with the latest security fixes.
“Some simple controls that could help prevent the spread of the WannaCry outbreak can be adopted with minimal cost to companies and as these controls have not been applied, we will hear more additional outbreaks,” he said.
“Companies that haven’t recovered would suggest a more severe problem – no disaster recovery plan, backups or no internal process or control to apply patches and secure systems. It could be that these companies need to recover the encrypted data to resume operations, and if that’s unlikely, may have to start again in rebuilding their systems, or reverting to old backups,” he added.