The WannaCry ransomware attack has been stopped, for now. But who’s behind it? No one knows yet. However, cyber security experts are looking into inconclusive evidence that North Korea could be the guilty party.
According to the experts, the methods used in attacking computers and servers worldwide resemble those of previous attacks blamed on that country. North Korea has been mining Bitcoin using illegal software since 2013.
The recent ransomware attack demanded payment from its victims in bitcoins. After paying, the victims could regain control over their computers. The attack affected data at hospitals, government agencies, banks and other businesses across the world.
These cyber security experts may presume that the country is responsible. However, the evidence is not yet conclusive. Authorities are still trying to identify who these extortionists are. They’re still searching for digital clues while they’re following the money.
Previous North Korean Cyberattacks
As mentioned earlier, the cyber security experts stated that the method used in the recent attack was also found in the last cyber attack by North Korea in 2009. It may not be unique to that state, but it’s not a conventional method.
South Korea was somewhat spared from the latest attack because companies there are always updating their software. That’s partly because they’ve received constant threats from the North.
Furthermore, South Korea has experienced cyber attacks frequently. Most of them have been traced to North Korea. During the attacks between 2009 and 2013, South Korea’s government websites were shut down, along with banking systems and broadcasting organizations.
The recent attack even used the same code as the malware used by the Lazarus Group, the hacker group behind the Sony hack in 2014; however, experts think that the code might have been copied from that malware without any direct connection.
“We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of Wannacry. Looking back to the Bangladesh attack, in the early days, there were very few facts linking them to the Lazarus group. In time, more evidence appeared and allowed us, and others, to link them together with high confidence. Further research can be crucial to connecting the dots.”
Apart from Kaspersky, Symantec, too, found similarities between the tools used by Lazarus and WannaCry. Just like Kaspersky, Symantec will continue to investigate the connection.
If it turns out that North Korea is indeed the culprit behind the WannaCry ransomware, cyber security experts stated, we should start looking into ways to respond to future cyber threats and stop undervaluing the capabilities of that country.
North Korea has been training students in cyber skills for more than a decade now. These skills are significant today.
Researchers also found some clues when they followed the money paid as ransom. Currently, three accounts have been identified. However, there are no signs that the funds have been touched.
Bitcoin is anonymized. There are several ways to convert it to cash through third parties. Thus, finding the real person cashing out the payment might be of no help, especially if that person is in a country that won’t cooperate.