North Korea could be behind ransomware attack

"This implies there is a common source for that code, which could mean that North Korean actors wrote WannaCry or they both used the same third-party code", said John Bambenek, threat research manager at Fidelis Cybersecurity.

Malware researcher Paul Burbage of Flashpoint, a business risk intelligence company, tells NPR's Martin Kaste that so far, he hasn't seen a solid connection between the ransomware and North Korea.

The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record. The program spreads the virus through file-sharing protocols used for data exchange in corporate networks around the world. "More details in June", it promised.

While experts are not willing to vouch for North Korean involvement, they point to a possible North Korea link to the "WannaCry" malware attack.

"In this case, there is a fragment of the technology that was associated with Lazarus", Clark said. It did not name any of the entities.

Computer code posted by Google researcher Neel Mehta showed that there were similarities between the attack last week and a vast hacking effort widely attributed to Pyongyang.

"The real situation may be serious".

Vietnam's state media said on Tuesday more than 200 computers had been affected.

Taiwan Power Co said that almost 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.

Gregory Clark is CEO of Symantec, one of the computer security firms that made the North Korea connection.

Kaspersky Lab researcher Kurt Baumgartner said: "This is the best clue we have seen to date as to the origins of WannaCry".

North Korea conducted its latest ballistic missile test early Sunday, claiming the US was within its sights and it had the capability to fire a large nuclear warhead.

WannaCry borrows code from attacks orchestrated by the Lazarus Group, a shadowy hacker collective believed to be responsible for the Sony Pictures Entertainment hack in 2014, the Bangladesh central bank hack in 2016 and the Polish bank hacks in February.

Beyond the immediate need to shore up computer defenses, the attack turned cyber security into a political topic in Europe and the United States, including discussion of the role national governments play. "However, it is worth further investigation", Mr Woodward said.

FireEye Inc, another large cyber security firm, said it was also investigating a possible link.

Victims haven't requested investigations but they want their systems to be restored, the official said.

The United Nations Security Council was swift to condemn the test, but North Korea's director of Asian affairs, Pak Jong-hak, insisted Tuesday that Pyongyang would not be deterred.

The code, published on Twitter, is exclusive to North Korean hackers, researchers said. He said based on his conversations with North Korean hackers, the reclusive state had been developing and testing ransomware programmes since August. The hackers stole $81 million.

Regardless of the source of the attack, investors piled into cyber security stocks on Monday, betting that governments and corporations will spend more to upgrade their defenses.

Cisco Systems closed up 2.3 per cent on Monday and was the second-biggest gainer in the Dow Jones Industrial Average.
