
WannaCry Outbreak Could Cost TSMC $170M - koin0r
https://sensorstechforum.com/wannacry-outbreak-tsmc-170-million/
======
Rotdhizon
>> against unpatched Windows 7 systems

>> Since data integrity and confidential information haven’t been compromised,
the company believes the attack wasn’t the work of a hacker

>> According to CEO C.C. Wei, the attack is purely due to the company’s own
negligence. Wei also said that he doesn’t think there is any hacking behavior
involved.

Those three lines sum up the article.

From a different article, the virus got onto their network when they installed
some type of new software/tool. They didn't check it before they deployed it,
turns out it had wannacry on it. Since the networks this virus infected
weren't internet connected, it didn't hit the kill-switch domain. So it was
left to run wild until they contained it.

[https://www.databreachtoday.com/wannacry-outbreak-hits-
chipm...](https://www.databreachtoday.com/wannacry-outbreak-hits-chipmaker-
could-cost-170-million-a-11285)

~~~
PhaseLockk
It's not surprising that the system was using an unpatched OS. Many of these
tools are not connected to the external internet, and they are qualified using
the exact version of the software that is installed during delivery. I don't
really know the details of foundry operations, but it seems like there are
more incentives against installing windows updates than for it. Looking at
your article it seems to say the same thing:

> patching is not always an easy endeavor in manufacturing environments
> because any code changes must be rigorously tested to ensure they don't have
> a real-world impact - for example on industrial control systems or
> supervisory control and data acquisition systems, which control the software
> and hardware that runs manufacturing processes. Indeed, ICS and SCADA
> systems may have a lifespan of 20 to 30 years. Many were never designed to
> be internet connected.

~~~
AnIdiotOnTheNet
Since this is ransomware, it's unclear how an OS patch would have helped
anyway.

~~~
mh8h
The ransomeware in this case spreads by exploiting a vulnerability that is now
patched in Windows.

~~~
zenexer
Additionally, if the machines were connected to the internet, the killswitch
would've prevented it from spreading. WannaCry doesn't spread if a particular
hostname resolves; this acts as a killswitch. Marcus Hutchins purchased the
relevant domain name after reverse engineering WannaCry and noticing the
killswitch.

Edit: That's not to say the machines should be connected to the internet; I'm
just explaining the circumstances that allowed this to occur.

------
joezydeco
Previous discussion about how a short break in chip fab production has a huge
impact:

[https://news.ycombinator.com/item?id=17686310](https://news.ycombinator.com/item?id=17686310)

------
zenexer
> The expert responsible for the effective WannaCry, Marcus Hutchins, was
> arrested last year by the FBI on six charges for conspiracy.

This makes is sound like Marcus Hutchins was responsible for WannaCry, which
is incorrect.

------
waynecochran
Did they pay the ransom?

~~~
tootie
I worked for a client that got hit by WannaCry. We billed them a ton of hours
for remediating the systems they had to reimage. Ransom would have been
cheaper probably.

~~~
waynecochran
Yeah, but long term its best for everyone to _never_ pay ransoms. (I don't
know why the article doesn't mention how the ransom was handled.)

~~~
niyikiza
I am a security engineer, and I understand this argument. BUT if I were a
decision maker in a corporation, it would be reasonable to pay a couple of
hundred bucks and get back to work rather than think about what is "good for
everyone". Also, as an industry, we need more measures to deal with the
Ransomware problem beyond just telling companies not to pay. We preached them
to patch their OS and they didn't listen, what makes us think that they will
listen when we advise not to pay the ransom when their data and reputation is
at stake?

------
crb002
Feds accuse MalwareTech in 3..2..1..

