WannaCry Hackers: North Korea link?

23 May 2017


A hacking group with links to North Korea is believed to be behind this month’s WannaCry attack.

According to a BBC report, security company Symantec has said it was "highly likely" that the Lazarus group was responsible, although the character of the attack suggested it has not been carried out on behalf of the North Korean government. 

Lazarus has previoulsy been blamed for a 2014 attack on Sony and the theft of £62m from Bangladesh's central bank.

Symantec said in a blog that "substantial commonalities in the tools, techniques, and infrastructure used by the attackers" led it to conclude that the Lazarus group had instigated the WannaCry attack.

The WannaCry worm is believed to have infected computers at more than 200,000 companies.

Those infected included more than 60 NHS trusts in the UK as well as Fedex, Renault and Telefonica.

On compromised computers, the worm encrypted files and demanded a ransom of $300 (£231) in bitcoins to unlock them.

Symantec has pointed to small-scale attacks carried our previously which used the same basic malware, but also employed other technical tricks Lazarus is known to use.The earlier attacks did not exploit the vulnerability that helped WannaCry spread so far, so fast but instead used six other malicious programs favoured by Lazarus.

According to the BBC, 300 victims are believed to have paid to have their files unlocked, generating a total ransom payment of $109,245.

The money is being paid into three separate bitcoin wallets which are being closely scrutinised for activity to see if they can help identify the criminals.

To read the report in full visit: http://www.bbc.co.uk/news/technology-40010996





Contact us for more information

<< Back to Latest News items