WannaCry ransomware may have links with North Korea, researchers suggest

Ransomware attacks won't stop until devices are updated to their latest versions and their inherent vulnerabilities are taken care of.

WannaCry ransomware may be linked to earlier malware that played a role in a Bangladesh bank heist as well as an attack on Sony Pictures in 2014.

A security researcher at Google has revealed that WannaCry shares identical code with malware used by the Lazarus group in 2014.

Between 2013 and 2014, a prolific hacker group calling themselves Lazarus wreaked havoc around the world. The group was said to be involved in a destructive cyber-attack on Sony Pictures which destroyed up to 1TB worth of data, an online heist on a Bangladesh bank and an attack on thousands of hard drives in South Korea which also destroyed tonnes of data.

Security researchers have often linked Lazarus to North Korea. Speculation ranges from the country orchestrating such cyber-attacks itself to it funding international hacker groups to do the dirty work. Lazarus hasn’t been very active since, but a recent tweet by Neel Mehta, a security researcher at Google, suggests that the recent WannaCry ransomware may share identical code with Contopee, malware used by the Lazarus group to attack systems around the globe.

However, while the code suggests similar patterns being used by the hackers behind both pieces of malware, researchers haven’t irrefutably established the link so far. “For now, more research is required into older versions of WannaCry. We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure—Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” noted researchers at Kaspersky Lab.

Cracking the WannaCry attack

Martijn Grooten, a security researcher at Virus Bulletin, told Ars Technica that there are several factors which establish that WannaCry originated in North Korea, or is state-sponsored. WannaCry carries a kill switch which enables hackers to switch off the malware’s operation in certain systems whenever they please. This is mostly a tool used by state-sponsored hackers to kill off malware when objectives are achieved or to prevent collateral damage, such as harm to their own systems.

“Killswitches in malware are rare, and I can only think of government malware with those built in. Governments care about collateral damage far more than criminals do. And North Korea has recently been active as the Lazarus group,” he said.

Hackers behind WannaCry have so far used kill switches to kill off malware in certain systems after victims paid them between $300 and $600 as ransom. The malware has affected hundreds of thousands of systems across 150 countries, but several government agencies and businesses have saved their systems by shutting them down or disconnecting them from the internet. In the UK, the NHS bore the brunt of the attack, with as many as 16 NHS hospitals suffering outages or system shutdowns over the past few days.

Copyright Lyonsdown Limited 2021
