
WannaCry Attack Has Links to North Korea, Amateur Flaws, Experts Say

Security experts say the WannaCry ransomware, which has wreaked havoc on computers in 150 countries, appears to be linked to the Lazarus Group, a hacking entity with ties to North Korea. Google security researcher Neel Mehta says that WannaCry has lines of code which are "identical" to previous work by the Lazarus Group.

"After Mehta highlighted the elements in the code, other researchers confirmed similarities that early versions of WannaCry – also called WannaCrypt, Wana Decryptor or WCry – shared with malware tools used by Lazarus," NPR News reported Tuesday.

Two high-profile attacks have been attributed to the Lazarus Group: the Sony Pictures hack in 2014 and the theft of millions of dollars from a Bangladeshi bank last year.

But cybersecurity experts say it's also possible the code was simply copied, and isn't necessarily a genuine product of Lazarus. While the identity of the attackers remains a mystery, the WannaCry exploit is widely known to have been stolen from the U.S. National Security Agency; a rogue group posted the vulnerability online in April.

WannaCry has been called one of the biggest ransomware attacks in history, and it primarily targets users of Microsoft Windows XP, a computer operating system that is no longer receiving security patches, or updates, leaving it vulnerable to attack. Major businesses and organizations including FedEx, Japanese electronics maker Hitachi, and Britain's National Health Service (NHS) have been hit, as well as the Chinese government. Europol predicts that about 200,000 computers have been affected by the malware.

As The Washington Post reports, "The software attack has taken a toll on many people in the real world. Health care providers in Britain's NHS, for example, were forced to turn ambulances away and cancel or delay cancer treatments for patients over the weekend, though officials say 80 percent of the NHS's systems were unaffected and that the disruption is easing."

While WannaCry has caused major disruptions, experts say there are amateur flaws within the code that could eventually lead to the hackers' downfall. In a ransomware attack, hackers take hold of a computer user's data and demand payment to have it returned, often in the form of a bitcoin payment. WannaCry attackers are asking for about $300 in bitcoins for each computer they attack.

One tip-off is that the ransomware's method for accepting payments from victims is impractical for attacking thousands of computers at once. The hackers must send a code manually to each victim after receiving bitcoin payment, rather than having a more sophisticated system that automatically generates such codes.

Another amateur move, experts say, is that the malware has an easily detectable "kill switch": a URL address that can be used to stop the malware's spread.

In a blog post, Microsoft Chief Legal Officer Brad Smith warned that global governments should treat this attack as a wake-up call. "They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world," he wrote.