3 min read

North Korea denies link to WannaCry ransomware attack

Graham CLULEY

May 22, 2017

North Korea denies link to WannaCry ransomware attack

It’s understandable that people should look for someone to blame after a malware outbreak as significant as WannaCry.

Is it the fault for the NSA for discovering a security vulnerability in Microsoft’s code, and not telling Microsoft at the time? Can we blame Microsoft for shipping buggy code in the first place? Are the mysterious Shadow Brokers hacking group responsible for WannaCry, because they stole details of the exploit the NSA built to take advantage of the Microsoft flaw? Should we point fingers at the organisations who failed to patch their systems in advance of the attack?

There are arguments that all of these parties should carry some responsibility for the attack occurring, but – in my view – the ultimate blame has to lie with whoever wrote the WannaCry ransomware that leveraged the NSA’s wormable exploit to such devastating affect.

Others may have made mistakes – some serious – along the way, but the criminals who need to be brought to justice in relation to WannaCry are those who developed and released the malware.

So, who were WannaCry’s makers?

Quite frankly, we don’t know. And it’s possible we’ll never know. Despite the keen interest in law enforcement agencies around the world in identifying those responsible, it’s perfectly possible that the perpetrators may remain a mystery.

But that doesn’t mean that no-one is hunting for clues.

Last week reports emerged that some security researchers have noted curious ties between the WannaCry malware and the Lazarus hacking team that has in the past been linked to attacks against Sony Pictures, and banks in Bangladesh and South Korea.

Google researcher Neel Mehta tweeted a cryptic message highlighting similar sections of code in a threat released by the Lazarus hacking gang in February 2015, and an early version of WannaCry seen in February 2017.

Security experts at Symantec and Kaspersky confirmed Mehta’s findings, describing clear similarities in the code.

The natural conclusion is that the North Korea-linked Lazarus hacking gang was also responsible for the WannaCry ransomware attack.

But things are rarely that simple on the internet, and accurately attributing malware attacks is a minefield. After all, wouldn’t it be equally possible that someone had deliberately used code from the Lazarus gang’s previous malware to point blame in the wrong direction? Or that – just as the NSA’s exploit was being re-used by WannaCry’s creators – that the attackers were “borrowing” code from some of the Lazarus hacking team’s past endeavours?

For its part, North Korea has denied that it is in any way responsible for WannaCry – describing the allegation as “ridiculous”.

Kim In Ryong, North Korea’s deputy ambassador to the United Nations, told a press conference:

“Relating to the cyberattack, linking to the [Democratic People’s Republic of Korea], it is ridiculous”. Whenever something strange happens, it is the stereotype way of the United States and the hostile forces that kick off noisy anti-DPRK campaign deliberately linking with DPRK.”

Will we ever identify those who created WannaCry?

Consider the case of the infamous Conficker worm that – like WannaCry – exploited a Microsoft Windows vulnerability, and hit millions of computers in over 190 countries in 2008/2009.

Despite Microsoft offering a US $250,000 reward for information leading to the arrest and conviction of Conficker’s author, no-one has ever been apprehended in relation to the worm, and almost 10 years later the malware continues to spread.

If Conficker’s creators cannot be identified, what chances might there be that those behind the WannaCry ransomware might make a mistake, brag about their involvement, or have left a clue in their code which could lead to their conviction?

We shouldn’t, of course, give up hope that one day we will know for certain the truth about who created WannaCry – but it doesn’t seem a sure bet.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read