Cyber Incident Victim: Nissan
Date: May 2017
Location: United Kingdom
Summary
A global ransomware attack utilizing WannaCry malware impacted over 200,000 computers across 150 countries, affecting governments, healthcare systems, and corporations. The incident disrupted operations at a Nissan manufacturing facility in Sunderland, forcing production halts alongside similar impacts on organizations like the UK's National Health Service, which faced patient diversions due to encrypted systems. The attack exploited vulnerabilities in unpatched Microsoft Windows systems, demanding ransom payments to restore access, though entities with updated security patches or alternative operating systems experienced limited damage. Additional sectors affected included transportation, energy providers, and financial services, with widespread reports of frozen critical infrastructure, payment system failures, and operational delays.
Description
The WannaCry ransomware attack emerged globally on or around May 12, 2017, rapidly infecting over 200,000 computers across 150 countries according to Europol. The malware encrypted files on infected systems, demanding ransom payments in Bitcoin to restore access. Critical infrastructure sectors were disproportionately impacted, with healthcare, transportation, energy, and manufacturing organizations among the primary targets. Russia experienced the highest volume of attempted infections according to Kaspersky Lab analysis, affecting the interior ministry, railways, banks, and mobile operator Megafon. While approximately 1,000 Russian interior ministry computers running Microsoft Windows were compromised, critical servers remained operational due to their reliance on domestically developed Elbrus operating systems. Germany’s Deutsche Bahn railway company reported disruptions to electronic station display boards, though train services continued uninterrupted.

China faced widespread disruptions at universities, where outdated or pirated software left systems vulnerable. Students encountered ransom demands while attempting to complete academic projects, with payments required to recover files. Petroleum stations in Chongqing suspended card payments after China National Petroleum Corp systems were compromised, while internet firm 360 Security noted infections at nearly 30,000 institutions including hospitals and government agencies. South Korea’s largest cinema chain CJ CGV reported ransomware affecting advertisement servers at 50 locations, though screenings proceeded normally. In Japan, Hitachi experienced email and file delivery disruptions potentially linked to WannaCry, though no ransom demands were observed. The UK National Health Service suffered severe operational impacts, with 48 English trusts and 13 Scottish organizations forced to cancel appointments and divert emergency cases after systems displayed encryption warnings. Nissan’s vehicle manufacturing plant in Sunderland, UK, was confirmed among the affected entities, though specific operational consequences were not detailed. Renault halted production at multiple facilities but restored 90% of operations swiftly without customer delivery impacts. Spanish firms Telefonica, Iberdrola, and Gas Natural implemented containment measures including disabling vulnerable workstations. Indonesian hospitals faced locked patient records causing treatment delays, while Indian police systems in Andhra Pradesh were hijacked alongside corporate networks in major cities, though critical national infrastructure avoided major damage through preemptive patching.
