With NotPetya spreading rampantly across the world, it’s worth remembering that the last ransomware du jour, WannaCry, is still out there. As many as 159 speed cameras in Victoria, Australia – mostly in the state’s capital, Melbourne – have been infected by the ransomware.
We initially reported that up to 97 cameras had been infected, but yesterday Victoria’s police minister, Lisa Neville, said that another 62 cameras had been affected. This means that over half of the state’s 280 cameras were hit.
The speed cameras were not infected through WannaCry’s worming capabilities, but rather as a result of human error. On June 6, a maintenance worker inadvertently uploaded the ransomware to the speed camera network using a USB stick.
The contractors in charge of the cameras reportedly believed that the ransomware wouldn’t be able to spread, because the cameras were not connected to the Internet. Despite this, the number of infected cameras has continued to grow in the past week. However, in a weekend press conference, Neville said that the growth was not because WannaCry was worming, but because of inaccurate reporting.
She said that one of the state’s contractors, Redflex, knew of the problem on 15 June and reported it to the authorities (although only after fixing the cameras). The additional infected cameras were operated by Jenoptik, which did not report the infection.
As a result of the infection, Victoria police cancelled 590 speeding and red light fines despite believing they were correctly issued. Acting Deputy Commissioner Ross Guenther said: “I cancelled the fines because I think it’s important the public has 100% confidence in the system”.
How to avoid falling victim
Discussing the enduring threat of WannaCry, Rafe Pilling, senior researcher at SecureWorks Counter Threat Unit, told ZDNet: “WannaCry is a worm so it’s propagating at random around the internet. So any systems which were infected and hadn’t properly been cleaned [continue] to propagate the worm”.
Network segregation plays a major role in defence. Ideally nobody should have ports necessary for this worm to propagate accessible to the internet or with outbound access to the internet – it’s generally considered poor practice for the [Server Message Block] port to be exposed to the internet, or to allow your systems to talk to that protocol.
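The exposure check described above, as an added example that is not part of the original article: it scans perimeter firewall rules for ACCEPT entries that let TCP 445 (the SMB port) cross between internal ranges and the internet in either direction. The rules are constructed samples in iptables-save syntax, and treating the RFC 1918 ranges as "internal" is an assumption.

```python
import ipaddress
import shlex

SMB_PORT = 445  # TCP port used by Server Message Block
# Assumption: "internal" means the RFC 1918 private ranges.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rules (iptables-save syntax), not taken from the article.
SAMPLE_RULES = """\
-A FORWARD -s 10.20.0.0/16 -d 10.30.0.0/16 -p tcp --dport 445 -j ACCEPT
-A FORWARD -s 10.20.0.0/16 -p tcp --dport 445 -j ACCEPT
-A FORWARD -d 10.30.0.5/32 -p tcp -m multiport --dports 80,443,445 -j ACCEPT
-A FORWARD -s 10.20.0.0/16 -p tcp --dport 400:500 -j ACCEPT
-A FORWARD -p tcp --dport 445 -j DROP
-A FORWARD -s 10.20.0.0/16 -p tcp --dport 443 -j ACCEPT
"""

def is_internal(cidr):
    """True if the whole network sits inside one of the internal ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.subnet_of(i) for i in INTERNAL)

def covers_smb(spec):
    """True if a --dport/--dports value (list and/or a:b ranges) includes 445."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= SMB_PORT <= int(hi or lo):
            return True
    return False

def audit(rules_text):
    """Return (line_no, direction) for ACCEPT rules letting SMB cross the boundary.

    Only rules that name a TCP destination port are examined.
    """
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        tok = shlex.split(line)
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
        ports = opt.get("--dport") or opt.get("--dports")
        if opt.get("-j") != "ACCEPT" or opt.get("-p") != "tcp" or not ports:
            continue
        if not covers_smb(ports):
            continue
        # A missing -s or -d means "any address", which includes the internet.
        if not is_internal(opt.get("-s", "0.0.0.0/0")):
            findings.append((no, "inbound"))
        elif not is_internal(opt.get("-d", "0.0.0.0/0")):
            findings.append((no, "outbound"))
    return findings
```

Rules that reach port 445 only through a multiport list or a wide port range are flagged as well, since those are the ones a manual review tends to miss.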
Source: IT Governance