Japanese carmaker Honda released a statement last Tuesday that it had halted operations in its Sayama, Japan car plant due to a recurrence of the now-infamous WannaCry ransomware. The plant, which has an output of approximately 1000 vehicles per day, was shut down on Monday after Honda discovered the virus had affected networks across Japan, North America, Europe, China and other regions. This was despite attempts by the company to secure its networks against such attacks when the initial WannaCry outbreak occurred back in May.
Just one day’s downtime at Honda’s Sayama plant cost production of 1000 vehicles
WannaCry had managed to infect and encrypt more than 200,000 computers across 150 countries before the strain was slowed, when a security researcher in the UK inadvertently activated a killswitch by registering a domain hidden within the ransomware’s code. Since then, infections have slowed but security experts have warned that new versions of the worm may strike.
Honda’s efforts to protect against infection seem to have ultimately failed, although the Sayama factory did reopen a day later and the outbreak is not believed to have affected production across other locations.
It is not known yet if this plant was affected by the original WannaCry or one of many subsequent variants. However, as long as the underlying fault remains unresolved, security experts warn that WannaCry variants will remain an issue.
WannaCry spreads through computers that lack up-to-date security patches, using an exploit developed by the NSA that utilises vulnerabilities in Windows Server Message Block (SMB). The aftermath of the WannaCry infection put a spotlight on Windows XP machines, with Microsoft releasing a surprise security patch for the long-obsolete OS. Windows 7 remains the most heavily infected platform, and for unpatched or otherwise unprotected systems, it’s really a matter of when, not if, they will be affected.
Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, said that Honda was right to cease production, but that the outbreak was preventable. “This incident could have been prevented with basic security hygiene, a patch management program and automatic updates to systems,” she said, adding, “It comes as no surprise that more and large organisations have been affected by WannaCry. Microsoft released patches in March to fix the vulnerability that has allowed WannaCry to spread, but many organisations have been particularly slow to implement them.”
One of the basic security hygiene measures that could have prevented the spread of WannaCry is actively managing permissions for user accounts, to ensure that each individual only has access to what they need. “Often in organizations individuals are provisioned to access systems for short periods and are never deprovisioned, which means over time they get excessive access that can be damaging to the business if misused. Tools to control and manage overall access are critical. Malware such as WannaCry takes advantage of gaps in security so to be truly safe requires a continuous and thorough approach which embraces the multiple aspects of cyber security,” according to One Identity UK director, Andrew Clarke.
WannaCry was a wake-up call for businesses and organisations all over the globe when it struck on May 12, as it exposed the damage that can be caused by poor patch management and a lack of basic security implementation.