It appears the evidence is in, backing the claim that North Korea is the guilty party behind WannaCry. The claim isn’t based merely on assumption – evidence comes from more than one place. Several parties have confirmed and have begun to respond to the news. The UK and Microsoft’s tracking of the attack confirms who was behind the ransomware attack. Even Facebook has shared that it has deleted profiles operated by hacking groups that were affiliated with the North Korean government.
While running analysis, a researcher from Google referenced common code characteristics between WannaCry and previous malware. Kasperskey Lab and Symantec stated some code characteristics were similar (identical) to those used by the Lazarus Group, linked to North Korea and responsible for a Sony cyberattack in 2014.
WannaCry began attacking companies on May 12, 2017 and hit over 230,000 computers in over 150 countries in just one day. Companies and public service organizations were affected, including a hospital in the UK. The ransom demanded was $300-$600 in bitcoin.
Speculation about North Korea’s motive includes retaliation for sanctions placed on them for its nuclear activity and missile launches. Money they collected from WannaCry’s ransom likely went to supporting their nuclear program.
The WannaCry and other ransomware attacks are not over – they are likely just beginning.
Read full White House blames North Korea for WannaCry ransomware attack article