WannaCrypt blamed for speed camera reboot frenzy in Australia
No ransom demands recorded and it's hit Linux, but Police say it's ransomware
A contractor in the Australian State of Victoria has managed to infect an unknown number of speed cameras with a virus, over sneakernet.
Details aren't so much sketchy as they are confused: the virus has been identified as WannaCrypt, but the government's been told it infected both Linux and Windows-based cameras; there was no ransom demand; the main symptom was repeated camera reboots, and; contractors apparently hoped to keep things quiet by patching cameras without telling anyone.
The lid came off on Friday, and Victoria Police decided to cancel 590 fines issued by 55 cameras infected by a contractor visiting the cameras to perform software upgrades with a USB drive that also carried something nasty.
The number of known infections rose to 97 out of the state's total of 280 speed cameras, after one of the state's speed camera contractors, Redflex, told the Department of Justice it had identified and patched a further 42 infections earlier in June.
In a weekend press conference, Victoria's Police minister Lisa Neville said Redflex knew of the problem on June 15 and fixed the cameras on that day, but only owned up after Victoria Police's first announcement on Thursday.
Redflex manages 150 of the state's speed cameras; two other contractors the minister didn't identify manage the other 130, yet a single individual infected devices under separate contracts.
She said the infections were spread by a single technician using a single drive. She and Deputy Commissioner Doug Fryer said the infection's symptom was that cameras were repeatedly rebooting.
“Even the Linox (sic) system still uses a Windows operating system underneath it”, she told the press conference. “I'm not a guru in technology, but there is still a Windows component to it … on Thursday, I was being assured that Linox (sic) could not be infected by the virus.”
Announcing an investigation into what happened, the government said cameras were infected between June 6 and June 22, and claimed the system was cleared by June 23.
Neville said part of the investigation's brief will be the speed camera program's governance and management, since she only learned of the infection from a program called “The Rumour File” on Melbourne radio station 3AW. “That's not a great way to brief ministers”, she said in her weekend press conference.
In excess of 7,500 fines issued between June 6 and June 22 are to be “quarantined” during the investigation, but may be reissued once the investigation is completed.
Neville told the press conference the infection didn't spread beyond affected speed cameras, because the devices lacked any Internet connection.
Just who advised Victoria Police that the infection was WannaCry(pt) is unknown; during the ministerial press conference, Deputy Police Commissioner Doug Fryer made the identification but said there was no ransom demand.
He said “there has been no evidence” that the infected cameras were issuing incorrect fines. ®