North Korea link found to WannaCry 'ransomware', say researchers
May 17 2017 by Bridget Leonard
According to a report published by Reuters, South Korean security researchers found coding similarities between earlier versions of WannaCry and a different malware used by the Lazarus Group - a hacking collective with ties to North Korea.
Google security researcher Neel Mehta sent out a cryptic message through Twitter that referenced identical code found in a sample of WannaCry from February and a version of the malware Cantopee from early 2015.
Symantec and Kaspersky Lab both said that further analysis of the code used by WannaCry is needed to pinpoint its exact origins.
Simon Choi, a director at South Korean anti-virus software company Hauri Inc. who has analyzed North Korean malware, noted that the demand for victims of the WannaCry attack to pay the ransom in bitcoins is reminiscent of North Korean tactics.
"We compared the code samples between WannaCry and previous [Democratic People's Republic of Korea] activity, but the only similarities are public libraries", Burbage says.
So what of the similarities between the WannaCry and Lazarus code samples? That hack occurred in the weeks before Sony released a satiric movie about a plot to kill North Korean leader Kim Jong Un.
The perpetrators had raised less than $70,000 from users paying to regain access to their computers, according to Trump homeland security adviser Tom Bossert.
The Russian Federation has recently been accused of cyber meddling in several countries, but Putin said they had nothing to do with the attack. They made some typos and successfully transferred out $81 million.
On Tuesday, some South Korean cybersecurity experts warned that more attacks might be on the way after the global distress the "WannaCry" ransomware caused.
That's right, the vulnerability that someone stole from the NSA may have been used to create a highly viral Windows virus that affected more than 300,000 computer systems in over 150 countries in a matter of days. Hospitals in the United Kingdom and Asia were among the worst affected.
North Korea usually gets the blame for this kind of caper, but it usually gets it earlier than this.
Ironically, part of the reason for its soft second wind was the virus' widespread success: "WannaCry" was one of the fastest-spreading viruses on record.
How did the attack occur?
That's how most ransomware finds its way onto victims' computers.
During a White House briefing, Mr Bossert said no federal systems in the U.S. had been affected by the malicious software.
That in turn redirected the attacks to the security company he works at, and kept the ransomware from escaping.
"XP Windows software that was at the centre of the WannaCry attack is a 10-year-old piece of software. We have already installed the necessary security in batches as far as the government key networks are concerned", said Information Technology Secretary Aruna Sundararajan in New Delhi. Businesses are still reeling from the fallout, and government agencies around the world are investigating.
It's hard to pin down who, exactly, is behind the WannaCry ransomware attack which kicked off last week.
While some of North Korea's hacking activities appear to be motivated by its cash shortage or personal retribution, the regime also conducts more traditional attacks on its southern neighbor.
"We've seen them steal money", said John Carlin, a former assistant attorney general for national security and an ABC News contributor.
"With regard to the source of these threats, then I believe that Microsoft has spoken directly about this", Putin said.
"We're bringing all of the capabilities of the U.S. government to bear on this issue and are working side-by-side with our partners in the private sector and our worldwide partners", he said.