WannaCry Locked Down Australian Traffic Cameras, Caused Voided Citations

Do you think that ransomware attacks only affect personal computers and business systems? Think again — the recent widespread infections caused by the WannaCry ransomware touched more than just hospitals in the UK and unpatched Windows PCs. In the Australian state of Victoria, hundreds of traffic cameras, meant to enforce speed limits, were knocked offline after the malware infected the system. Instead of encrypting data for ransom, the system instead became locked in a continuous cycle of rebooting.

Because of the infection, police in Victoria announced that they would withdraw notices sent for more than a thousand speeding tickets. Thousands more citations, representing a significant amount of potential revenue, were also put on pause pending an investigation into the matter. With the camera system infected, there was no immediately clear way to tell whether the speed readings taken were accurate. Though the drivers cited probably feel some relief, this incident is a good example of the ways malware can disrupt critical infrastructure when it finds a way inside.

One interesting point to note about this infection is the method through which WannaCry entered the traffic camera system. Rather than hooking into the system through the EternalBlue exploit made famous by the malware, the infection started from a local PC.  Victoria police stated that a USB stick from an infected computer was plugged in to the traffic camera systems during an update. The malware then jumped from the USB stick and spread rapidly throughout the camera network.

The Victoria incident highlights an important need to not only keep our systems up to date but to be aware of the many ways malware can make it onto our machines. Infection through a corrupted USB stick is one of the easiest and most subtle ways to introduce malware onto systems. That is why you should never use a USB stick or drive you find abandoned, and why many businesses require extra precautions by implementing rules restricting their use on critical computers.