Ransomware was found on an LG self-service kiosk in South Korea, with analysis of the code identifying it as WannaCry, the file-encrypting malware that used a leaked NSA exploit to spread around the world in May this year.
Now WannaCry has raised its head again, and infected self-service kiosk systems at LG Electronics in South Korea.
"We analyzed the malicious code that caused delays at some service centers on Aug 14th with the help of KISA [Korea Internet & Security Agency] and confirmed that it was indeed ransomware. According to KISA, yes it was the ransomware known as WannaCry," an LG spokesperson told ZDNet.
As soon as the ransomware was spotted on the network, LG blocked access at the service centre, preventing the malware from spreading to other parts of the organisation. The company says no data has been lost and no ransom has been paid.
According to LG, all unmanned reception terminals infected with WannaCry were functioning normally again after two days, and "all security updates of the unmanned reception terminals that had been infected with malicious code have been completed".
LG and KISA are still trying to determine how WannaCry came to infect the network at the self-service centre.
There's no official confirmation of who carried out May's original WannaCry attack, but both private cybersecurity firms and investigating government agencies have pointed to North Korea -- South Korea's geographical neighbour -- as the culprit.
While the attack was high profile, mistakes in the code meant many victims were able to unlock systems without giving into the demands of hackers.
At the time of withdrawal, the Bitcoin wallets associated with WannaCry contained just 338 payments amounting to $140,000 -- something of an insignificant haul given the ransomware infected hundreds of thousands of computers.
Microsoft takes unusual step of providing direct support to unsupported systems as targets in 74 countries -- including vast swathes of UK hospitals - have been impacted by ransomware attack across the globe.