World War 3: Did North Korea Launch Ransomware Attack?
Did North Korea fire the first shot in World War 3 by launching the ransomware cyberattack? Researchers say it is very possible. Even worse is the question that follows: if the original software was on NSA computers, did North Korea gain access to NSA data?
The speculation over a North Korean connection arose Monday, after the well-known Google security researcher Neel Mehta revealed in a Twitter post a resemblance between the code used in what is said to be an early version of WannaCry ransomware and that in a hacker tool attributed to the notorious Lazarus Group.
Containing what might look to an outsider like a random set of figures and letters, accompanied by the hashtag #WannaCryptAttribution, the post immediately drew the attention of cybersecurity experts and has since been shared extensively. Shedding light on the otherwise cryptic message, Kaspersky Lab explained in a blog post that Mehta drew parallels between “a WannaCry cryptor sample from February 2017” and “a Lazarus APT [Advanced Persistent Threat] group sample from February 2015.”
American security giant Symantec voiced a similar opinion in a statement Monday. Saying that it had discovered code used in the malware that “historically was unique to Lazarus tools,” the company refused to speculate on North Korea’s role in the attack.
“We have not yet been able to confirm the Lazarus tools deployed WannaCry on these systems,” it stressed.
The Lazarus Group is believed to be behind numerous high-profile hacking attacks on banks’ SWIFT servers, including an attempt to steal $851 million from Bangladesh Central Bank last February, and is deemed to be responsible for the November 2014 Sony Pictures hack.
The ransomware began its global spread on Friday. Dubbed WannaCry, it exploits a vulnerability in the Windows operating system that was first discovered by the National Security Agency (NSA) and was later leaked to the public by the hacker group the Shadow Brokers last month, prompting Windows to close the loophole and issue an update. Once the malware infects the system, it sends the user a text file with a ransom demand for some $300 worth of Bitcoins. It also installs a countdown timer on the victim’s wallpaper, demanding that the ransom be paid if the victim does not want private files deleted.
Among the notable victims affected by the virus were the National Health Service (NHS) hospitals in the UK, Russia’s Interior Ministry, Spain’s telecommunications company Telefonica and reportedly some Chinese government agencies.
WannaCry demanded ransoms starting at $300, in line with many cyber extortion campaigns, which keep pricing low so more victims will pay.
Still, some security experts said they were not sure if the motive of WannaCry was primarily to make money, noting that large cyber extortion campaigns typically generate millions of dollars of revenue.
“I believe that this was spread for the purpose of causing as much damage as possible,” said Matthew Hickey, a co-founder of British cyber consulting firm Hacker House.