WannaCry Ransomware News Update 2017: Attack Linked to Lazarus Hacker Group
The WannaCry ransomware took the world by storm a couple of weeks ago, shutting down hospitals, factories, organizations, and more than 30,000 computers across the globe. Now, there are reports that this global attack is linked to North Korea.
Symantec, a company that develops anti-virus and security software, speculates that WannaCry ransomware may be the work of certain North Korean hackers, who have used the same hacking tools and infrastructure in the WannaCry source code.
The security firm thinks that it is the doing of a hacker group called Lazarus, which is believed to be an offensive cyber unit from North Korea. It is also the group that was responsible for attack on Sony Pictures back in 2014, and the digital robbery of $81 million from the Bangladesh Central Bank last year.
"Whoever wrote WannaCry and its related tools had access to source code for the Lazarus tools," Symantec's technical director Vikram Thakur told Foreign Policy. "We cannot say that the latest WannaCry attacks are attributable to a government."
The publication also stated that according to a recent statement from Dan Coats, director of National Intelligence, North Korea has the means to order the attack. Although there is not enough evidence to confirm the exact source of the attack, he said, "We do know that North Korea possesses the ability to do this kind of thing."
Another clue that points the WannaCry ransomware to the hacker group is that two versions of the Destroyer, which was the disk-wiping tool used when the hackers attacked Sony Pictures, were found in one of ransomware victim's network. Also found was as a malware used by the Lazarus group in the past, which is referred to as the Volgmer.
Despite the global scale attack, the security industry does not seem to be in a state of panic. In fact, according to a report from CNET, the discussion regarding the ransomware has actually been positive.
"WannaCry became too big. It was unsuccessful. It was a failure," said Mikko Hypponen, chief research officer at cybersecurity company F-Secure.. The hackers reportedly did not even earn a lot of money from the attack.