Kaspersky Lab finds WannaCry creators in North Korea
Ambulances taking patients to some hospitals were forced to follow procedures that diverted them to other units after the health service was left crippled by a “ransomware” cyber attack on Friday.
He said, “It is similar to North Korea’s backdoor malicious codes”.
“Our researchers analysed this information, identified and confirmed clear code similarities between the malware sample highlighted by the Google researcher and the malware samples used by the ‘Lazarus Group’ in 2015 attacks”, Altaf Halde, Managing Director of Kaspersky Lab (South Asia), told IANS.
The evidence is far from conclusive, however.
North Korea has never admitted any involvement in the Sony Pictures hack – and while security researchers, and the United States government, have confidence in the theory, neither can rule out the possibility of a false flag, it said.
In China, 66 of the country’s universities were affected by the global ransomware attack, authorities said.
The “ransomware” blocks computers and puts up images on victims’ screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”
The hackers appeared to have taken control of computers and servers around the world by sending a type of malicious code known as a worm.
The problem in the WannaCry case is that despite digging through the company’s database of more than 1 billion e-mails dating back to March 1, Barlow’s team could find none linked to the attack. This would help them to plan if their country is attacked.
Analysts at the European Union cybersecurity agency say the hackers probably scanned the internet for systems that were vulnerable to infection and exploited those computers remotely. The program spreads the virus through file-sharing protocols used for data exchange in corporate networks around the world.
But that was only part of the picture: Researchers at cybersecurity firm Kaspersky Lab said in April that a hacking group – known as “Lazarus” – also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand and Uruguay.
“We are not aware if payments have led to any data recovery”, Bossert said, adding that no U.S. federal government systems had been affected. The hacker group is believed to have worked out of China, but on behalf of Pyongyang.
WannaCry borrows code from attacks orchestrated by the Lazarus Group, a shadowy hacker collective believed to be responsible for the Sony Pictures Entertainment hack in 2014, the Bangladesh central bank hack in 2016 and the Polish bank hacks in February.
But it’s possible the code was simply copied from the Lazarus malware without any other direct connection. Seoul police blamed the North’s main intelligence agency for the attack.
“This was not a tool developed by the NSA to hold ransom data”, he said, noting that no U.S. government systems had been hit.