WannaCry linked to North Korean hackers


The WannaCry ransomware worm hits governments and businesses across Asia and experts warn of a wider impact to come globally as employees returning from the weekend switch on computers and check e-mails. Ryan Brooks reports.

A programmer shows a sample of a ransomware which could be the work of North Korean hackers. Picture: RITCHIE B. TONGO

SECURITY researchers have found a link between the crippling WannaCry ransomware and North Korean hackers.

Symantec Corp and Kaspersky Lab have identified similarities in the code used to create WannaCry and programs written by the North Korean hackers responsible for a string of cyber attackers including the high-profile Sony attack in the wake of the Seth Rogen and James Franco comedy Seth Rogen.

Google threat intelligence researcher Neel Mehta was the first to identify the clue.

The Global Research and Analysis Team at Kaspersky Lab have posted screen shots of two programs side-by-side in a blog post discussing the possible link.

The researchers admit the similarities could just be a case of one hacker copying and pasting another’s code, or even a false flag left to mislead investigators.

But they note the evidence is compelling enough to continue investigations following this lead.

“We believe this might hold the key to solve some of the mysteries around this attack,” the researchers say.

“One thing is for sure — Neel Mehta’s discovery is the most significant clue to date regarding the origins of Wannacry.”

WARNING: Ransomware attacks set to skyrocket

The WannaCry ransomware spread across the globe on the weekend, with the malicious program encrypting people’s computer files and demanding a ransom of $405 in bitcoin.

The code used a tool leaded from the National Security Agency and patched by Microsoft months ago.

But because so many companies fail to update their software, thousands were caught up in the attack.

The White House said on Monday that less than $70,000 had been paid in ransom in the wake of the global “WannaCry” cyber attack and that it is aware of no instances in which a payment has led to the recovery of data.

Companies fell victim to the WannaCry attack after ignoring Microsoft Windows software updates available since March 14, or failing to upgrade the 16-year-old operating system Windows XP, which the company stopped supporting three years ago.

One in 15 computers still uses Windows XP globally.

The list of WannaCry victims ranged from hospitals across the United Kingdom and India to a Renault car factory in France that was forced to shut down.

Related Post