LG logo

Representatives for LG South Korea said on Wednesday that a mysterious ransomware strain has infected self-servicing kiosks at various service centers across the country.

The infections, reported by local newspaper Seoul Shinmun, took root on Monday, August 14.

An LG spokesperson said the ransomware looked like WannaCry, albeit no official investigation confirmed it as of yet. The company said it reported the event to the Korea Internet & Security Agency as soon as it happened.

Self-servicing kiosks most likely left without patches

LG told local reporters that all service kiosks were shut down as staff detected the first infected devices. The company did not say how many kiosks were affected.

Staff installed updates on kiosks where the ransomware did not manage to encrypt data. This suggests that self-servicing kiosks were left without updates. MS17-010 is the security bulletin system administrators had to install.

For security professionals, LG's mistake is mind-boggling and unexplainable. The WannaCry ransomware outbreak hit almost all countries across the world in mid-May and infected hundreds of thousands of computers, mainly those running Windows 7.

During the ransomware's outbreak, victims shared photos of their infected devices on Twitter. Some photos depicted self-servicing kiosks, so it's hard to understand how LG's IT staff forgot to double-check if they patched systems against WannaCry.

"Complacency could be [a] reason," Dean Ferrando, EMEA manager at Tripwire told Bleeping Computer in an email about the possible cause why LG systems were not patched.

"Some companies may feel that because they were not impacted in the immediate period of time afterward, they won’t be infected as the controls they have in place are working without checking," he added.

In the aftermath of the WannaCry outbreak, some security companies tried to blame North Korea for creating WannaCry. North Korean officials denied any involvement.

Related Articles:

GandCrab Devs Release Decryption Keys for Syrian Victims

SEO Poisoning Campaign Targeting U.S. Midterm Election Keywords

The Week in Ransomware - October 12th 2018 - NotPetya, GandCrab, and More

Windows 10 Ransomware Protection Bypassed Using DLL Injection

New Reports Show Increased CyberThreats, User Risks Remain High