WannaCry brought 200,000 endpoints all across the world to their knees last month
WannaCry brought 200,000 endpoints all across the world to their knees last month

WannaCry has reared its head once again in renewed attacks, this time on Honda car manufacturing facilities. The Eastern auto giant halted production at a plant, northwest of Tokyo after the ransomware was discovered on its computers on Sunday 18th June.

A Honda spokesperson said in a statement  that the virus had been discovered in facilities around the world. The discovery halted the production of 1,000 cars at the Sayama Automobile plant  outside Tokyo.

The statement added, “the recovery work was undertaken immediately, and the production at Sayama has resumed in the morning on 20 June.”

While Honda has updated  many of its computer systems in the wake of the WannaCry attacks, those security updates were apparently not enough for the older systems in the Sayama plant.

Wannacry leverages the EternalBlue vulnerability, an NSA-linked zero day which was released in 2016 by a group calling itself The Shadow Brokers. While Microsoft released a patch earlier this year that would fix that vulnerability, many had not updated their systems by the time WannaCry launched a month later.  It seems that some have still not updated them. It appears as though Honda may fall into that category.

Paul Edon, director at Tripwire told SC Media UK, "a month has gone by since the WannaCry attack caused global panic and disruption. Yet, despite all the help guides, blogs and news, companies are still being affected. The fix and information is out there and so they need to take action now to better protect themselves.”

Gavin Millard, technical director at Tenable told SC that  "just patching these bugs isn't always simple as it could cause disruption to the organisation. If that is the case then compensating controls must be put in place and proper, risk-based decisions must be made."

While Microsoft has issued a  patch, this kind of vulnerability still pops up, added Millard, commenting, "That the exploitation of MS17-010 through WannaCry and other derivatives is still causing a problem is hardly surprising. Conflicker and MS08-67, the main vulnerability it exploited, is still popping up on occasion nine years after it began infecting millions of systems around the world."

WannaCry swept more than 150 countries last month and successfully ensnared organisations ranging from car manufacturers and  telecoms giants to the Russian Interior Ministry and 48 UK NHS trusts.  

A combination of a worm and piece of ransomware - the first of its kind - WannaCry propagated on a scale that may never have been seen before.

Recent reports from the US National Security Agency and the UK's National Cyber Security Centre have both claimed that the government of North Korea was behind the attacks while other commentators insist that this is unlikely. It has been theorised that whoever launched the attack did not mean to do so, and the worm likely got out during testing.