Current Affairs / Traffic cameras in Australia hit by WannaCry ransomware infection
Traffic cameras in Australia hit by WannaCry ransomware infection
23 June 2017 |
The dreaded WannaCry ransomware seems to be in no mood to relent.
After wreaking a Honda factory in Japan earlier this week, the ransomware has now shut down 55 red light cameras and speed cameras in Australia.
According to reports, the ransomware possibly took control of systems owned and operated by private camera operator Redflex. As a result of the intrusion, red light cameras in the state of Victoria simply stopped working.
"Our advice at this stage is that a software virus has been detected however the camera system has not been compromised. We will look into all incidents detected by the speed and red light cameras during the time in question as a matter of course. The integrity of the camera system has not been affected," said the Victoria Police.
It is rare for any malware or ransomware to last this long. Initial infections of WannaCry ransomware were detected in the first week of May and it has gone on to infect a large number of systems belonging to various organisations from across the world. Microsoft has rolled out patches for older versions of Windows to protect people and organisations from being further impacted by the ransomware.
However, the situation involving red light cameras in Australia suggests that it will take a lot of concerted effort to ward off WannaCry and others of its kind for good.
"One of the biggest problems with opportunistic malware is that it has no boundaries; it will infect anything that meets the criteria. When that criteria is a vulnerability in an operating system that had ( and still has ) such a massive uptake then realistically, it may be a case of not if but when will you be next.
"Current estimates still put Windows 7 on almost 50% of all desktop operating systems, so it’s not surprising to still see machines being infected. You then need to understand how many older, bespoke systems, that are using embedded software to do a task," says Mark James, Security Specialist at security firm ESET.
"Updating these systems may not be financially viable- especially if the task they perform is still being done perfectly. In a time when funds are restricted to necessity or priority, persuading someone they need to invest thousands to stop something that may or may not happen will be a difficult job.
"Protecting against WannaCry in most cases, can be done by blocking TCP port 445, ensuring your operating system is patched and fully updated, and ensuring you have a good, regularly updated, multi-layered internet security product installed," he added.
Back in May, security firm Malwarebytes said that hackers behind WannaCry ransomware exploited known vulnerabilities in SMB ports to infect them with the ransomware. The firm said that SMB is an unnecessary protocol and should be done away with to prevent future ransomware attacks.
"SMB is used to transfer files between computers. The setting is enabled on many machines but is not needed by the majority. Disable SMB and other communications protocols if not in use. Network Segmentation is also a valuable suggestion as such precautions can prevent such outbreaks from spreading to other systems and networks, thus reducing exposure of important systems," it said.