LG Takes Systems Offline Due to WannaCry Infection

South Korean electronics manufacturer LG is the latest big name hit by ransomware, as part of the network operated by the company in the domestic market was shut down earlier this month due to a WannaCry infection.

First spotted in May this year, WannaCry is a form of ransomware that exploits a Windows vulnerability, which Microsoft patched shortly after the outbreak. The software giant even shipped emergency patches for Windows XP in an attempt to keep users protected, so the only thing system administrators need to do is deploy the latest updates to block the infection.

This never happened on LG’s systems, however, and a self-service kiosk operated by the company in South Korea has recently been compromised with WannaCry.

Still not known how WannaCry reached computers
While it’s not known how many computers in LG’s network were compromised, the company decided to shut down a number of systems to prevent the ransomware from spreading. LG blocked access to the service center where the malware was first spotted, and this proved to be a smart move, as no data was encrypted. Furthermore, LG explained that no ransom had been paid.

“We analyzed the malicious code that caused delays at some service centers on Aug 14th with the help of KISA [Korea Internet & Security Agency] and confirmed that it was indeed ransomware. According to KISA, yes it was the ransomware known as WannaCry,” a company spokesperson was quoted as saying.

LG managed to restore all impacted machines in less than 2 days, but the company is yet to determine how exactly the ransomware took down the systems.

On the other hand, what’s known is that the computers that ended up infected with WannaCry weren’t running the latest updates from Microsoft, as up-to-date systems are not vulnerable to WannaCry infections.

WannaCry has claimed hundreds of thousands of victims across the world, including some high-profile companies, such as car manufacturer Honda, which was forced to shut down one production plant completely due to its network being compromised by the ransomware.


How to spot malicious mobile apps


The pervasiveness of smartphones has resulted in an onslaught of mobile apps, and it’s pretty safe to say that, by now, there is an app for every imaginable purpose. Unfortunately, among the many helpful ones are also many malicious apps – no app market is safe from them.
Fortunately, there are ways to spot such apps.

RiskIQ researchers have been monitoring over 120 mobile app stores around the world, and based on their findings, they advise users to be on the lookout for three suspicious things when evaluating the legitimacy of an app:

Inappropriate permissions

“If an app’s permissions are not congruous with the functions it claims to provide, you should be suspicious. For example, does an app really need access to your phone calls, SMS messages, or billing to serve its purpose?” they pointed out.

App developers using free email services

Developers of malicious apps also often list contact email addresses opened with free email services such as Hotmail, Gmail, and Yahoo!

“Consumers are advised to be aware of who they expect the app to come from, and verify that the contact of the app they’re downloading is legitimate. For instance, the contact for an app purporting to be from a well-known brand will not be ‘john.smith@yahoo.com.’”

Another thing that should make users suspicious is when there is no contact email listed. An online search for the developer based on the information that is provided and a critical evaluation of the results should be a must before even thinking about downloading the app.
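The permission and contact-email checks are mechanical enough to script when triaging many listings at once. The following is an added example, not code from RiskIQ or the original article; the listing fields, the per-category permission baseline and the sample listings are assumptions constructed for illustration.

```python
# Added illustration: triage app-store listings with the permission and
# contact-email checks described above. Field names and baselines are assumed.
FREE_MAIL = {"hotmail.com", "gmail.com", "yahoo.com"}  # services named in the article

# Android permissions matching the article's examples: calls, SMS, billing.
SENSITIVE = {
    "android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "com.android.vending.BILLING",
}
# Assumed baseline: sensitive permissions a category plausibly needs.
EXPECTED = {
    "messaging": {"android.permission.READ_SMS", "android.permission.SEND_SMS"},
    "dialer": {"android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG"},
}

def review_listing(listing):
    """Return human-readable findings for one store listing (dict)."""
    findings = []
    requested = set(listing.get("permissions", []))
    allowed = EXPECTED.get(listing.get("category"), set())
    for perm in sorted((requested & SENSITIVE) - allowed):
        findings.append(f"permission not justified by category: {perm}")
    email = (listing.get("contact_email") or "").strip().lower()
    if not email:
        findings.append("no developer contact email listed")
    else:
        domain = email.rpartition("@")[2]
        if domain in FREE_MAIL:
            findings.append(f"developer contact uses free email service: {domain}")
    return findings

# Constructed sample listings (not real apps).
SAMPLE_SUSPICIOUS = {
    "name": "Bright Flashlight", "category": "tools",
    "permissions": ["android.permission.CAMERA", "android.permission.READ_SMS",
                    "com.android.vending.BILLING"],
    "contact_email": "john.smith@yahoo.com",
}
SAMPLE_CLEAN = {
    "name": "Team Messenger", "category": "messaging",
    "permissions": ["android.permission.READ_SMS", "android.permission.SEND_SMS"],
    "contact_email": "support@vendor.example",
}

if __name__ == "__main__":
    for app in (SAMPLE_SUSPICIOUS, SAMPLE_CLEAN):
        print(app["name"], review_listing(app) or "no findings")
```

A finding is a prompt for manual review of the developer, not a verdict on the app.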

Poor and/or slapdash app descriptions

Numerous downloads and good reviews are no guarantee that the app is legitimate.

“Rave reviews can be forged, and a high amount of downloads can simply indicate a threat actor was successful in fooling victims,” the researchers noted.

Users would do well to look at the app’s description: poor grammar and nonsensical exposition could, of course, be an indication that the developer is not familiar with the language, but it’s also one of the hallmarks of mobile malware campaigns.

Mobile malware makers are quick to exploit trending topics

Popular games, holidays, current events, and important dates are often exploited. For example, in August and September the “back to school” theme begins trending and, right on cue, it is being taken advantage of.

By searching for “back to school” apps, RiskIQ researchers have found 9,343 apps on app markets that fit the description. Of these, 1,182 (12.7%) are detected as harmful by RiskIQ and/or one or more antivirus vendors.

“We found that the Google Play Store, which has a relatively good reputation but led app stores in total blacklisted applications in Q2, hosts 333 of the blacklisted ‘back to school’ apps,” they noted.

“The fact that thousands of these apps are live in popular stores like Google Play goes to show that consumers are largely left to their own discretion when determining if an app is safe.”
