White House Declares North Korea Culprit Behind WannaCry Cyber Attack

#1

In May, a ransomware attack known as WannaCry infected computers across the world, encrypting people’s files and charging owners hundreds of dollars to recover access to those files.

#2

Neel Mehta, a security researcher at Google, found evidence that suggests the WannaCry ransomware. The Lazarus hacking group, widely believed to be connected to North Korea, is "highly likely" responsible for the WannaCry global cyber attack that hit earlier this month, US anti-virus firm Symantec said.

#3

Neel discovered that the code found in the WannaCry malware—one that first surfaced in February—was identical to the code used in an early 2015 version of Cantopee, a malicious backdoor developed by Lazarus Group, believed to be a state-sponsored hacking group linked to the North Korean government.

#4

Roman Unuchek, a senior malware analyst at Kaspersky, said the report should serve as a reminder that attackers are not only targeting PCs but also mobile devices. The mobile threat landscape for ransomware was far from calm” during the first three months of 2017, he said. Ransomware targeting mobile devices soared, with new ransomware families and modifications continuing to proliferate.

#5

Up to 300,000 computers in 150 countries were hit by the WannaCry worm, which seizes systems and demands payment in Bitcoin to return control to users. Banks, hospitals, and state agencies were among the victims of the hackers who exploited vulnerabilities in older versions of Microsoft computer operating systems.

#6

British security officials suspected that North Korea was behind the WannaCry attacks, linking them to a group called Lazarus that was also behind the 2014 cyberattacks on Sony Pictures, the BBC reported in June.

#7

Writing in the New York Times [link subject to a paywall], Homeland Security Advisor Thomas P. Bossert wrote:

It encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses, and homes. While victims received ransom demands, paying did not unlock their computers. It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible.

#8

The virus spread via email, locking staff out of their computers and demanding £230 to release the files on each employee account.

Hospital staff reported seeing computers go down 'one by one' as the attack took hold. Doctors and nurses were locked out, meaning they had to rely on pen and paper, and crucial equipment such as MRI machines were also disabled by the attack.

#9

But Dan Taylor, NHS Digital's head of security, said WannaCry had been 'an international attack on an unprecedented scale' and the NHS had 'responded admirably'.

#10

Researchers in the US, Russia, and Israel have also pointed to a potential North Korean link—but it is notoriously hard to attribute cyberattack.

#11

For its part, North Korea has denied that it is in any way responsible for WannaCry. Kim In Ryong, North Korea’s deputy ambassador to the United Nations, told a press conference:

"Relating to the cyber attack, linking to the [Democratic People’s Republic of Korea], it is ridiculous”. Whenever something strange happens, it is the stereotype way of the United States and the hostile forces that kick off noisy anti-DPRK campaign deliberately linking with DPRK."

#12

Bossert, said President Trump’s administration is in the process of fortifying U.S. cyber defenses but it will also lead action to bring North Korea to justice for the virus.

#13

Beyond WannaCry, the U.S. government is investigating allegations that actors linked to the Russian government interfered with last year’s Presidential election. Twitter and Facebook have provided evidence to Congress and the House, while both have introduced new standards aimed at preventing a repeat in the future.