{"id":3929,"date":"2017-09-30T10:59:13","date_gmt":"2017-09-30T08:59:13","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=3929"},"modified":"2023-02-14T15:32:03","modified_gmt":"2023-02-14T14:32:03","slug":"wannacry-infection-stops-mercedes-benz-production","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/09\/30\/wannacry-infection-stops-mercedes-benz-production\/","title":{"rendered":"WannaCry infection stops Mercedes Benz production?"},"content":{"rendered":"

[German<\/a>]Strange story that's going around right now. In German factories of car maker Mercedes Benz (Daimler AG) production computers are supposed to be infected with WannaCry ransomware. Also vendor Festo is claimed to be infected with WannaCry.<\/p>\n

<\/p>\n

\"\"First of all, I must say, that the story isn't officially confirmed (from the companies – but I have my own sources). German news site heise.de has published yesterday the article Daimler: WannaCry hat offenbar neue Opfer gefunden<\/a> (translation means Daimler: WannaCry found new victims<\/em>).<\/p>\n

First reports \u2013 after reader tips<\/h2>\n

The editorial team at heise refers to reports from different readers that production at Daimler<\/a> sites is affected. According to these sources, a WannaCry infection is believed to have taken place in Mercedes-Benz plants such as Bremen, Hamburg and Untert\u00fcrkheim.<\/p>\n

Unpatched Windows XP systems are involved?<\/h2>\n

How can this happens at end of September 2017? It is reported that industrial robots, using Windows XP for control, were no longer functional. So it seems, that unpatched Windows XP systems was involved into this case. Manufacturer Festo is also said to have been affected by the WannaCry Trojan horse.<\/p>\n

Note: I'm aware, that Windows XP, Windows 8.x and Windows 10 are probably not vulnerable for WannaCry. But maybe there are Windows 7 machines involved – or it's a modified version of this trojan. And it is known, that WannaCry infections forces Windows XP systems into a blue screen – so reports, that industry robots controlled by Windows XP makes a lot of sense. Windows XP isn't the source to spread a WannaCry infection, but will be affected too.<\/p><\/blockquote>\n

Not confirmed by speakers of Daimler and Festo \u2026<\/h2>\n

The editorial team at heise has reached out to Daimler and Festo for a statement. A speaker from Festo states that no attacks are known. A speaker from Daimler\/Mercedes Benz explained that production is running – but no statement has been made about WannaCry infection.<\/p>\n

\"WannaCry-Meldung\"<\/p>\n

The WannaCry Trojan has led to a number of failures in the automotive industry. At Renault, the initial infection in May 2017 led to production stoppages, and Honda was also affected by something like this. And Korean electronic producer LG was still a victim of WannaCry in South Korea in August 2017.<\/p>\n

Remark: I've covered the production stops in the car manufacturing industry within my German blog in several blog posts. Links may be found within my German article<\/a>.<\/p><\/blockquote>\n

\u2026 but my source confirmed it also<\/h2>\n

Update:<\/strong> An reliable source (that will stay anonymous) has told me today (September 30, 2017) that the German Daimler plant in Rastatt is\/was also affected. My source spoke of a 'quite upset mood' within the IT department.<\/p>\n

Update 2:<\/strong> Another source (that will stay anonymous) has send me the following details \u2013 I've translated it to English.<\/p>\n

… but the production IT of Daimler in K\u00f6lleda (motor factury) and Kamenz (LiIon battery factory) almost breathed a sigh of relief yesterday at 9h, after [Mercedes Benz production IT at] Untert\u00fcrkheim reported more than 1500 cases.<\/p>\n

This infections affects massively virtual machines from plant suppliers, personal measuring computers and systems in 24\/7 operation.<\/p><\/blockquote>\n

Update 3:<\/strong> I've reached out to Daimler Press department and received the following statement from a speaker:<\/p>\n

Our production is running. Please understand that we do not comment on IT security issues.<\/p><\/blockquote>\n

Update 4:<\/strong>\u00a0I found a German\u00a0Tweet<\/a>\u00a0– which makes a lot sense, if we know the context.<\/p>\n

\n

Auf Dads Arbeit wird das sogar f\u00fcr die Steuerung von Industrierobotern benutzt. Gestern wurde es von WannaCry befallen.<\/p>\n

\u2014 Relaxo (@Flusslied) 30. September 2017<\/a><\/p><\/blockquote>\n