Expert finds more North Korea links in ransomware attack

Gwen Vasquez
May 18, 2017

Shadow Brokers tried unsuccessfully the previous year to auction off cyber tools it said were stolen from the NSA.

It also threatened to dump data from banks using the SWIFT worldwide money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. "More details in June", it added. Fewer than 10 U.S. organisations have reported attacks to the Department of Homeland Security since Friday, a U.S. official told reporters on Tuesday.

The countries most affected by WannaCry to date are Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.

Microsoft issued a patch for its supported systems in March, weeks before Shadow Brokers released the exploit, but many computer systems around the world remained unpatched, leaving them vulnerable to the latest ransomware attack.

The Department of Homeland Security began an "aggressive awareness campaign" to alert the tech industry to the importance of installing the patch that Microsoft issued in March that protected users from the vulnerability exploited by the attack, a U.S. official working on the attack told Reuters.

Microsoft, the company whose network was the prime focus of the attacks, said on Tuesday that it was aware of the group's most recent claim and that the company's security team was monitoring threats to "help us prioritise and take appropriate action".

Microsoft president and chief legal officer Brad Smith said Sunday that the ransomware attack should serve as a "wake-up call" to governments not to hoard vulnerabilities. The US government has not commented directly on the matter.

Cyber security experts say the technical evidence linking North Korea to the cyberattack is somewhat tenuous, but Pyongyang has the advanced cyber capabilities, and the motive to compensate for lost revenue due to economic sanctions, to be considered a likely suspect.

Simon Choi, a director at anti-virus software company Hauri Inc., said Tuesday that North Korea is no newcomer in the world of Bitcoin and that it has been mining Bitcoin using malicious computer programs since as early as 2013.

Researchers at security firm Proofpoint said the related attack, which installs a currency "miner" that generates digital cash, began infecting machines late last month or early this month, but had not been previously discovered as it allows computers to operate while creating digital cash in the background. The United States accused it of being behind a cyberattack on Sony Pictures in 2014. Lazarus was behind the attacks on Sony and the Bangladesh banks, for example.

"We believe the recent ransomware attack could accelerate the Windows upgrade cycle for enterprises, which would drive further upside to Office 365 Commercial MAUs [monthly active users] beyond what is now factored into our estimates", he added. In case of an attack, police said, "Your immediate efforts should be towards preventing further spread of the malware followed by sanitation of your network".
