South Korean electronics giant LG is believed to have been infected with the WannaCry ransomware after IT staff failed to apply security patches to all its Windows PCs and servers.
WannaCry infected several hundred thousand Windows machines within days of its release in May, using a US National Security Agency (NSA) exploit to self-propagate.
That exploit, called EternalBlue, takes advantage of security flaws in Microsoft’s perennially insecure SMB networking protocol, flaws that the NSA had used for years in its own covert work.
And, according to security specialists, the outbreak is almost entirely down to negligence or incompetence on the part of LG’s IT staff.
“Reports suggest that the company had not applied all the security updates available from Microsoft. This highlights something that we already knew – many organisations are not good at applying software security updates,” said Dean Ferrando, EMEA Manager at Tripwire.
Applying available patches, as quickly as possible, is one of the easiest ways to keep an organisation safe from new and emerging threats.
“Applying available patches is one of the easiest ways to keep an organisation safe from new attacks; however, the unfortunate truth is that, despite the warnings and advisories to patch and secure the systems, there will always be a system that is missed,” said Dean Ferrando, EMEA Manager at Tripwire.
He continued: “Complacency could be another reason why new outbreaks are being discovered – some companies may feel that because they were not impacted in the immediate period of time afterwards, they won’t be infected as the controls they have in place are working without checking.
“Conficker hit us in 2008 with a similar attack, causing an outbreak globally. Companies patched and secured their systems but months after the outbreak, Conficker was still infecting companies that hadn’t taken the necessary precautions.”
LG has not officially confirmed that it’s been struck by WannaCry yet – the company hasn’t responded to requests for comment. According to reports, the company has had to close down some of its facilities in South Korea in order to contain the infection.
Speaking to the Korean Herald, the company admitted that it had been the target of a ransomware attack, but added that it hadn’t been badly affected.
“The problem was found to be caused by ransomware,” said a spokesperson. “There was no damage such as data encryption or asking for money, as we immediately shut down the service centre network.”