Wanna Cry Ransomware May Be A North Korean Cyber Attack


A recent revelation by the British Cybersecurity experts reveals that Wanna Cry ransomware may be a North Korean cyber attack. This attack shook countries across the globe besides disrupting the NHS in Great Britain.

The Wanna Cry ransomware attack on the NHS is considered one of the worse hacks that ever took place. The attack did not just affect Great Britain, but it was spread across 150 countries.

North Korean Cyber Attack and Lazarus

An investigation was led by National Cyber Security Centre on a global scale. The investigation made known the fact that Lazarus Group from North Korea is behind this cyber attack. It is not the first North Korean cyber attack from Lazarus Group. Lazarus Group led a similar attack on Sony Pictures back in 2014.

The hack came on the anticipated release of the movie on North Korea, “The Interview.” The movie was a satire on the North Korean leadership. The hack led to a limited release of the film. Some reports also allege the group to be behind hacks to rob banks.

Researchers at Google and Kaspersky Research on North Korean Cyber Attack

Similarly, one researcher at Google and other fellow researchers at Kaspersky Lab found similarities in computer code. Wanna Cry ransomware and other tools used by Lazarus had the same code for designing these applications, as per researchers.

The researchers believe that since the same company developed both Lazarus tools and Wanna Cry. Therefore, the use of same code would help the hackers save time spent on coding from scratch, to quickly launch fresh cyber attacks.

Symantec’s Findings on the North Korean Cyber Attack

In a recent post by Symantec, the anti-virus software developer linked the Wanna Cry ransomware to Lazarus. The details reveal that the group was behind the hacking attack on Bangladesh Central Bank, causing a theft of $81 million.

Furthermore, the post argues that the company does not think the attack is attributable to the entire country. The company also revealed that before its full launch on May 12, the Wanna Cry ransomware had a small global presence in months of February, March, and April.

Similarities of Wanna Cry Code with other Programs

Here is a list of malware that researchers believe share the same code as Wanna Cry ransomware.

  • Backdoor.Contopee
  • Backdoor.Destover
  • Backdoor.Duuzer
  • Infostealer.Fakepude
  • Trojan.Alphanc

So Who is Actually Behind Wanna Cry Ransomware?

In an earlier post on HoursTV, we covered the news that cybersecurity researchers blamed a group of hackers Shadow Brokers behind the cyber attack. The attackers were allegedly using the stolen NSA’s cyber tools to hack the computers. However, now researchers believe that North Korea’s Lazarus is behind the attack.

NHS had a severe impact of the attack regardless of its origins. Theresa May after the attack had said that there was no evidence of compromise of the patient’s record. However, only time will tell if Conservatives will make any reasonable efforts to secure the NHS. Similarly, other organizations will have to take active steps to protect themselves from such massive attacks.

NSA’s Take on North Korean Cyberattack

The National Security Agency also points towards North Korea for the cyber-attack. The NSA has not made public so far its assessment of the attack. The National Security Agency further adds that the purpose of building this tool was to collect funds for the North Korean regime.

However, the NSA further says that the regime could not raise more than $140,000 in Bitcoin currency. The agency also reveals that the regime has not been able to cash the money so far. The intelligence agency also says that the Obama & Trump Administrations have failed to deter North Korea from launching cyber attacks on such a massive scale.