Expert finds more North Korea links in ransomware attack

Terry Joseph
May 17, 2017

"Neel Mehta's discovery is the most significant clue to date regarding the origins of WannaCrypt", Kaspersky Lab added.

"Kaspersky Lab's GReAT researchers analyzed this information, identified and confirmed clear code similarities between the malware sample highlighted by the Google researcher and the malware samples used by the Lazarus group in 2015 attacks", said the firm.

A North Korean hacking group is being investigated over the WannaCry ransomware attack - the biggest in history. He said it was too early to tell how many websites had been affected.

"We are open to investigate in all directions, but we don't speculate and we cannot confirm this. It's still too early to say anything", said senior agency spokesman, Jan Op Gen Oorth. So, if the country conducted this recent one, it would not come as a surprise.

Symantec and Kaspersky Lab agreed with Mehta's findings that hint at some sort of connection between WannaCry and North Korea.

A group with ties to North Korea is thought to be responsible for a series of attacks on financial institutions.

Europol said the situation was "stable" after attacks that struck computers in British hospital wards, European vehicle factories and Russian banks.

But although there were thousands of additional infections there, the expected second-wave outbreak largely failed to materialize, in part because security researchers had already defanged it.

In addition to Russia, China and India have blamed the U.S. government for developing the original code.

The virus, which originates from a Windows vulnerability exploit built and developed by the U.S. National Security Agency, is probably the work of unsophisticated hackers.

While the attacks have raised concerns for cyber authorities and end-users worldwide, they have helped cybersecurity stocks as investors bet governments and corporations will spend more to upgrade their defences.

Speaking at a news conference after an economic conference in China, Russian President Vladimir Putin told journalists that Russia "had nothing to do" with the WannaCry virus.

"Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators", he said.

"I'm afraid that there may be more attacks down the road using the rest of the tools leaked in April", he said.

U.S. package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany's Deutsche Bahn rail network were among those hit.

The news agency says there have been no reported incidents of the ransomware affecting government agencies.

The "WannaCry" malware virus functioned by encrypting user data, effectively barring access and demanding a ransom of between $300 and $600 in the digital currency bitcoin.

Bossert said that paying the ransom provided no guarantee files would be unlocked.

Finally, if the plan was simply to make money, it's been pretty unsuccessful on that front too - only around US$60,000 has been paid in ransoms, according to analysis of Bitcoin accounts being used by the criminals.

Jonathan Levin of Chainalysis, which monitors bitcoin payments, said there were other differences compared to most ransomware campaigns: for instance the lack of sophisticated methods used in previous cases to convince victims to pay up.

The NSA used the Microsoft flaw to build a hacking tool codenamed EternalBlue that ended up in the hands of a mysterious group called the Shadow Brokers, which then published that and other such tools online.
