It appears that the hackers behind the WannaCry ransomware may be back at work. LG's service centers in South Korea were reportedly hit by a ransomware attack earlier in the week, with authorities revealing that the ransomware's malicious code was "identical" to WannaCry.
Users of LG's South Korean self-service kiosks were reportedly experiencing issues accessing the service on Monday (14 August). The issue was then reported by LG to the state-run Korea Internet and Security Agency (KISA), who confirmed the ransomware attack. "More investigation is still needed to determine the exact cause," KISA said in a statement, the Korea Herald reported.
"The problem was found to be caused by ransomware," a spokesperson for LG said. "There was no damage such as data encryption or asking for money, as we immediately shut down the service centre network." It is still unclear how the attack occurred and whether the ransomware used contains the original WannaCry code or a different variant of it.
Earlier this month, WannaCry hackers cleaned out their Bitcoin ransom accounts only to later begin converting the money to the anonymous cryptocurrency Monero, in efforts to hide their tracks. Authorities across the globe are still pursuing the perpetrators behind the attack, which in May affected numerous businesses across nearly every nation in the world.
Security experts as well as law enforcement officials, including the GCHQ, have previously suggested that North Korean state-backed hackers may be behind the WannaCry attacks. Security experts had also previously revealed that the WannaCry ransomware was developed with code borrowed from NSA hacking tools that were leaked in April by the Shadow Brokers.
The attack on South Korean LG service centres also indicates that despite Microsoft already having pushed out patches addressing the leaked NSA SMB exploits used to propagate the WannaCry and NotPetya attacks, not all businesses may have updated their systems. This means that there may still be various global businesses that remain vulnerable to such ransomware attacks.
Download SafeUM — communicate privately, without advertising and spam.
110 Reykjavik, Iceland