Are North Korea And Lazarus Group Behind WannaCry Ransomware Attack?

North Korea could be behind the WannaCry ransomware cyber-attack. If recent theories are to be believed, then the infamous Lazarus Group might also have had something to do with the cyber-attack. There are reports suggesting that the Lazarus Group works outside China but on behalf of North Korea, notes the BBC.


Is North Korea or Lazarus Group to blame?

Neel Mehta, a Google security researcher, was the first to draw experts' attention to the similarity between code found in WannaCry and code previously used by the notorious but sophisticated Lazarus Group. It is the same group that wreaked havoc by hacking Sony Pictures in 2014 and the Bangladesh Bank in 2016.

Mehta talked about the code in a cryptic tweet on Monday, drawing a comparison between Lazarus’ early works and WannaCry, the ransomware that crippled thousands of computers in the largest cyber-extortion scheme ever. However, this overlapping code was later removed from the latest version, giving way to the possibility that the code was just a trick to trap researchers into believing that Lazarus is to be blamed, notes CNET.

Still, researchers at Kaspersky Lab stated that this theory is possible, but improbable.

“For now, more research is required into older versions of WannaCry,” the researchers said.

The firm further stated that it could be a key to solving some of the mysteries behind the attack, adding that Mehta’s discovery is one of the most significant clues so far.

Who is affected by the WannaCry ransomware?

European law enforcement agencies were looking to dilute the fears building around the WannaCry attack. However, experts are not ruling out bigger and even more sophisticated attacks in the future, notes Vice. The appeal for calm was undermined by the news on Monday that about 30,000 organizations in China were hurt by the attack.

For agencies with just a few computer systems, it will be easy to get the fix, but companies with large infrastructures are at a disadvantage, especially hospitals. The U.K.’s National Health Service (NHS) pointed out that expensive medical devices such as MRI machines are still running on Windows XP and cannot be replaced or upgraded easily.

The blame game

In a blog post on Sunday, Brad Smith, Microsoft’s chief counsel, stated that blame for the cyber-attack is on government agencies that hoard software and keep it secret. Smith stated that the attack is a “wake up call” for such agencies.

Also on Monday, the White House denied allegations by the United States intelligence services that the National Security Agency was “stockpiling” cyber weapons.

Tom Bossert, Homeland Security adviser to President Donald Trump, said, “This was not a tool developed by the NSA to hold ransom data.”

Bossert stated that this flaw was exploited as a part of the much larger tool designed by the culpable parties and not by the United States government, notes the Financial Times.

No matter who is behind this cruel ransomware attack, a bit of blame has to be shared by everyone, including Microsoft, which failed to release proper updates for systems; the NSA, which created the database with flaws and then failed to secure it; and individual companies that fail to update to newer OS versions.



About the Author

Aman Jain
Aman holds an MBA (Finance) and has experience in both marketing and finance. He has worked as a Risk Analyst for AIR Worldwide, and is currently leading VeRa FinServ, a financial research firm. Favorite pastimes include watching science fiction movies, reviewing tech gadgets, playing PC games and cricket. Email him at amanjain@valuewalk.com