Speculations Claim North Korea Involved With WannaCry Ransomware Attacks
Cyber security experts have reportedly discovered new information about the notorious WannaCry ransomware that has attacked systems in 150 countries. They noted that a line of code from the program appeared to be similar to one of the works of a hacker group called the Lazarus Group. Based on their investigations, the hackers were apparently linked to North Korea. The analysts suggest that the cyber-attacks could be have originated from the nation.
Reports confirm that a Google security researcher named Neel Mehta discovered the similarities between the WannaCry ransomware and a malware script made by the Lazarus Group. NPR reports that the hackers were responsible for the 2014 Sony Pictures hack. They were also involved with Bangladeshi bank incident in 2016 that lost millions of dollars to the hackers. However, the current data is not enough to officially blame North Korea.
— Costin Raiu (@craiu) May 15, 2017
It is common knowledge that some hackers sometimes copy code from others, so it is not enough to convict North Korea. Further investigation about the code reveals that some parts can be traced back to 2013 when Lazarus attacked South Korean media companies. However, if their suspicions are proven, it would be the first time that a nation has used the ransomware to carry out attacks. Until now the identity of the individual or group that spread WannaCry still remains a mystery.
Other speculations about North Korea's involvement with the WannaCry ransomware claim that the malware emerged amidst the escalating tensions between South Korea and its Northern neighbor. A cyber security firm also confirmed that some known tools used by the Lazarus group were found on machines infected by the ransomware.
Paul Burbage, a malware researcher from Flashpoint, claims that there is no solid evidence that North Korea is involved with the WannaCry ransomware attacks. Gamenguide reported that the malware attacks have already prompted the US government to hold emergency meetings. Additionally, the tools used by the hackers were confirmed to have originated from the NSA.