Expert finds more North Korea links in ransomware attack

Joan Terry
May 18, 2017

The ransomware is widely believed to be based on an alleged NSA hacking tool leaked by the group Shadow Brokers earlier this year.

Using trademark garbled English, the Shadow Brokers group said in an online statement that, from June, it will begin releasing software to anyone willing to pay for access to some of the tech world's biggest commercial secrets.

It has reportedly also threatened to release data from banks which use SWIFT, a global money transfer network, and also information from nuclear and missile programs of countries such as Russia, China, Iran and North Korea.

The attack has caused most damage in Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.

Microsoft had patched the vulnerability exploited in WannaCry attacks with the March 2017 Patch Tuesday cycle, so all systems running Windows 7, Windows 8.1, and Windows 10 were already secure when the WannaCry ransomware dropped bombs on unsuspecting systems last week.

The Department of Homeland Security began an "aggressive awareness campaign" to alert the tech industry to the importance of installing the patch that Microsoft issued in March, which protected users from the vulnerability exploited by the attack, a U.S. official working on the attack told Reuters.

Simon Choi, a director at anti-virus software company Hauri Inc., said Tuesday that North Korea is no newcomer in the world of Bitcoin and that it has been mining Bitcoin using malicious computer programs since as early as 2013.

Researchers at Symantec and Kaspersky Lab also found similarities between WannaCry malware in the latest cyberattack and previous attacks blamed on North Korea.

The development adds to the dangers exposed by the WannaCry ransomware and provides another piece of evidence that a North Korea-linked hacking group may be behind the attacks.

U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect. Lazarus was behind the attacks on Sony and the Bangladesh banks, for example. North Korean officials were not immediately available for comment, and the country's state media has been quiet about the matter.

"We believe the recent ransomware attack could accelerate the Windows upgrade cycle for enterprises, which would drive further upside to Office 365 Commercial MAUs [monthly active users] beyond what is now factored into our estimates", he added.

In case of an attack, police said, "Your immediate efforts should be towards preventing further spread of the malware followed by sanitation of your network".
