If You Run A Digital Signage Network, Did A Cyber Attack Friday Make You WannaCry?

May 15, 2017 by Dave Haynes

The global ransomware attack that bubbled up late last week has affected a wide variety of systems in scores of countries – everything from small businesses to hospital patient management systems – so it was inevitable it was also going to affect some digital signage operators.

Digital signage vet Dan Parisien, now with Quividi, speculated as much in a weekend tweet.

https://twitter.com/danielparisien/status/863899935254528001

I’ve not heard from anyone saying they were hit (as Dan says, would you admit it?), but here’s the first of what may end up being a bunch of stories involving screen networks affected by the “WannaCry” worm.

From the Singapore Straits Times newspaper:

SINGAPORE – Singapore has seen a number of victims struck by the latest global ransomware attack, the Cyber Security Agency (CSA) said in an alert on Sunday (May 14).

Systems at Tiong Bahru Plaza and White Sands were also believed to be affected by the “WannaCry” worm. 

MediaOnline, which supplies digital signage, rushed to fix its systems after kiosks were infected at the malls. Director Dennis So said the systems were not connected to the malls or tenants’ networks.

A photo posted on Reddit on Saturday night showed a malware message on Tiong Bahru’s mall directory, suggesting that it had been hit by the ransomware attack WannaCry.

The mall operators told Channel NewsAsia that they were alerted to the malware incident at around 5pm on Saturday.

A spokesman said the digital directory service is provided to the mall by a third-party vendor, and vendor systems have been disconnected from the board while a solution patch is being installed.

She added that no sensitive information in the mall directories was leaked and that hackers did not receive any money or bitcoin.

A display screen at an Orchard Central Desigual outlet is also believed to have been hit by the ransomware attack.

The CSA advised Internet users to be suspicious of uninvited documents sent through e-mail, back up crucial files, and run anti-virus security tools. 

Those with infected systems should remove the network cable or shut down the wireless function on their device so the ransomware doesn’t spread. They can then patch and restore their systems.

The systems most affected by this ransomware are those running Windows XP, Windows 8, and Windows Server 2003. Microsoft issued this security update on Friday.

  1. not wannacry… well, maybe a little tear from the freaking out did escape my eyes until we saw that everything was ok…

    Just as some help, MS released a patch for XP embedded & W7 embedded (WES) systems last Friday:

    windowsxp-kb4012598-x86-embedded-enu_9515c11bc77e39695b83cb6f0e41119387580e30.exe

    and also another one for W7 embedded
    X86-all-windows6.1-kb4019264-x86_aaf785b1697982cfdbe4a39c1aabd727d510c6a7.msu

    Good luck!!

  2. Neil Bron Chatwood says:

    It brings up an interesting topic within the industry that is often disregarded. I engage in highly funded projects, yet clients tend to penny pinch on critical aspects; typically back end and creative. I deal with IT departments on a daily basis that want to install near end-of-life OS on their servers; when an argument is presented that they should do otherwise, it’s met with ridicule. These are the same clients that in 3 years’ time when their network is compromised they inevitably question “Why didn’t you warn us?!”.

    It’s also a nice little reminder to reach out to your clients and audit their backup procedures. I’ve had two high profile clients hit with ransomware this year, however, I’ve heard nothing about this specific attack yet.

  3. Steve Andrew says:

    No Wannacry… Just little updates.
