If you’ve paid attention to recent news cycles since last Friday, there’s a good chance you’ve come across mentions of the WannaCry ransomware. This particularly virulent cyberthreat has impacted over 300,000 computers across 150 countries to date. Just yesterday, estimates emerged indicating that victims have forked over roughly $70,000 to the cyberattackers. It might seem like a modest victory for the culprits, but it’s a far cry from the staggering $90 million they allegedly anticipated. With the worst of the fallout seemingly past us, it’s time for the inevitable task of attribution. From a law enforcement perspective, the primary questions that need answering are:
- Who is likely responsible?
- Which entities possess the capacity to carry out such a massive assault?
- What were their possible incentives?
To begin with, the first question is broad and remains a subject of ongoing investigation. Analysts, however, seem to have narrowed down the possibilities to North Korea, among a handful of other rogue states. North Korea has previously been implicated in cyberattacks orchestrated by the Lazarus group, a cybercrime outfit accused of largely disruptive attacks, including the much-publicized Sony breach in 2014. Furthermore, Russian security firm Kaspersky has accused Lazarus of pulling off one of the world’s biggest bank heists.
The group is believed to be responsible for serious cyberattacks on financial institutions in multiple countries, with $81 million disappearing from the Central Bank of Bangladesh in a single heist. Major cybersecurity firms, including Symantec and Kaspersky, as well as independent researchers at Google, have all thoroughly inspected the WannaCry code. These examinations have revealed signs suggesting a possible Lazarus connection, indirectly implicating North Korea. While this hasn’t been definitively confirmed, early analyses suggest a potential role of North Korea in this unsettling cyber onslaught.
But do they have the tools? As a sovereign state with a known penchant for controversial actions, it’s plausible North Korea possesses the technical means to execute such a sophisticated attack. Their southern neighbors were among the victims of WannaCry, yet North Korea’s minimal connection to the global internet may have insulated them from the attack. Considering their alleged past hacks of Sony and global financial institutions, it seems apparent that they have the capabilities in place. But why would they be interested?
The prime suspect is the universal motivator: money. North Korea is under serious international sanctions, yet they have a nuclear program to fund and a reputation to uphold. With even their old ally, China, showing signs of discontent, North Korea’s conventional income sources could be under threat, pushing them towards less-than-legal means of generating funds, like ransomware attacks and bank heists. Coupled with a chance to flex their digital muscles alongside their military hardware, this might fit perfectly into their larger strategy.
Regardless of the perpetrators’ identity, don’t wait till the next cyber onslaught to take action – update your Windows software today, stay vigilant and refrain from opening suspicious emails or links. Keeping your system secure goes a long way in ensuring that your computer doesn’t fall victim to malware.