Throwback Attack: WannaCry ransomware takes Renault-Nissan plants offline

Courtesy: Keagan Gay

In 2017, auto manufacturer Renault-Nissan became one of many organizations around the world to fall victim to the WannaCry ransomware. While WannaCry was effectively halted within a few days of its discovery, it was one of the largest cyberattacks in history at the time and still managed to reach 150 countries and infect approximately 200,000 devices.

For Renault-Nissan, the attack was detected on a Friday, and operations were essentially back to normal by the following Monday. But in the intervening hours, the automotive giant was forced to halt production at five facilities: a high-end plant in Douai, France; a van plant in Sandouville, France; a small car plant in Slovenia; the Dacia plant in Pitesti, Romania; and a factory shared with Nissan in Chennai, India.

At the time of the attack, a spokesperson for Renault told Automotive News that, “Proactive measures have been put in place, including the temporary suspension of industrial activity at some sites.”

The WannaCry ransomware was a global cyberattack in May 2017 that targeted Microsoft Windows operating systems. The hackers used a cryptoworm to encrypt data and then demanded a payment in Bitcoin cryptocurrency. Initially, they asked for $300 in bitcoins, but quickly raised that ask to $600. The hackers claimed if companies didn’t pay the ransom in three days, their files would be permanently deleted.

The WannaCry ransomware is a perfect example of why running updates and security patches is imperative to any organization’s cybersecurity. The self-propagating malware spread via EternalBlue, an exploit for older Windows systems that was allegedly developed by the United States National Security Agency (NSA). The exploit was leaked publicly by a hacking collective called The Shadow Brokers well before WannaCry began its destructive run.

Because Microsoft had already released patches to close the exploit, much of WannaCry’s transmission was from organizations that had not applied these patches or were using older Windows systems. Companies running unsupported versions of Microsoft Windows, especially Windows 7 and earlier, were particularly at risk because Microsoft had stopped releasing security patches for these outdated systems years prior to the attack.

Unfortunately, these sorts of routine patches are often delayed in industrial environments, such as food production or the automotive industry, because the plants run continuously, and taking them offline for updates would cause inconvenience and delays.

Despite its global reach, the WannaCry ransomware attack was over almost as soon as it started thanks to emergency patches released by Microsoft and a 22-year-old British computer security researcher named Marcus Hutchins. Just as the malicious software was taking hold across the globe, Hutchins discovered a secret kill switch buried in its code that prevented infected computers from spreading WannaCry further.

In the case of Renault-Nissan, sites reporting infections were deliberately unplugged from the network to prevent the spread of the WannaCry ransomware. Renault-Nissan plants that had recently undergone upgrades were not impacted by the attack.

At the time, WannaCry was the biggest and fastest-spreading cyberattack ever experienced, and it changed the way many businesses approach cybersecurity. While estimates vary regarding the total damage as a result of WannaCry, some speculate the worldwide losses were as much as $4 billion. Other major organizations impacted included FedEx, Deutsche Bahn, Hitachi, Spanish mobile company Telefonica and the Russian Interior Ministry. One of the hardest hit was the National Health Service in England and Scotland, with around 70,000 devices affected in 36 hospitals and damages of nearly £92 million.

In December 2017, the United States and United Kingdom formally asserted North Korea was behind the attack.
