Was North Korea Behind WannaCry Ransomware Attack?

The identity of the hackers behind the WannaCry ransomware attack that has created havoc around the globe is still a mystery, but one researcher thinks it’s Lazarus Group, the North Korean operation.

According to a report in Fortune Magazine, Google security researcher Neel Mehta tweeted lines of code Monday (May 15) from the current ransomware attack that were used in an attack in 2015. The previous attack was tied to Lazarus Group, reported Fortune.

The magazine noted that Lazarus Group, which is reportedly behind a series of online thefts that went after central banks, is thought to be a North Korean military outfit that bankrolls cyber warfare operations via crimes. Fortune noted the current ransomware attacks mesh with past behavior by the Lazarus Group. The computer code that Mehta tweeted isn’t definitive evidence that North Korea is behind the attack, although the line of code is getting attention from security researchers around the world, noted Fortune.

Meanwhile, CyberScoop, an online security website, seemed to support the idea that Lazarus was behind it, reported Fortune, noting CyberScoop said researchers at Kaspersky Labs also think Lazarus Group could have played a role in the ransomware attacks.

“We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure — Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” said a blog post from Kaspersky Labs, reported Fortune.

Kaspersky Labs also discounted the idea that the code Google’s Mehta tweeted was planted by the hackers to wrongly incriminate North Korea. Officials told Reuters they were not ruling out North Korea, even though it’s too early to tell who was behind it.

As has been widely reported, a massive attack hit everything from the United Kingdom’s National Health Service to European automakers, Chinese firms and any number of companies across other verticals, winding its way through disparate countries into Saturday. Interpol had estimated over the weekend that more than 100,000 organizations across 150 nations had been hit by the attack, as reported by The Associated Press.

Reuters and others reported that the ransomware infections that hit computers worldwide likely trace their genesis to the U.S. National Security Agency, and Friday’s tally comes to more than 126,000 cases of infection. The malware that was sent had been hidden in any number of attachments in emails that had seemed legitimate, from files that spoofed invoices to job offers and other communications. The ransom demands ranged from $300 to $600 to give users back access to their machines.