WannaCry, the ransomware package that wreaked havoc across the world’s Windows machinery this past weekend, might have links to North Korea, security experts revealed.
The ransomware swept across the world last Friday, infecting over a quarter-million Windows machines across 150 countries. It remains a threat, but infection rates have somewhat slowed.
No ad to show here.
According to a report published by Reuters, South Korean security researchers found coding similarities in WannaCry’s earlier versions, and a different malware used by the Lazarus Group — a hacking collective with ties to North Korea.
These findings have also been noted by Google security researcher Neel Mehta, Symantec and Kaspersky.
Shared code between an early, Feb 2017 Wannacry cryptor and a Lazarus group backdoor from 2015 found by @neelmehta from Google. pic.twitter.com/hmRhCSusbR
— Costin Raiu (@craiu) May 15, 2017
The similarities suggest that the two wares could have a common creator, in this case, the Lazarus Group.
The Lazarus Group isn’t exactly a newcomer to the cybercrime space. The collective is known for hacking Sony Pictures back in 2014, just prior to the release of the The Interview starring Seth Rogan and James Franco. The movie poked fun at US-North Korean relations, and the country’s leader Kim Jong-Un.
WannaCry, and a previous batch of code in malware used by the Lazarus Group, boast some notably similarities
While leaking the movie ahead of its theatrical release, the hack also exposed a slew of sensitive company data including executive salaries, other unreleased Sony Pictures properties and employee personal information.
The United States also tied the Sony hack to North Korea.
The Lazarus Group is also known for carrying out a number of financial attacks across at least 18 countries. In 2016, the group stole US$81-million from the Central Bank of Bangladesh in one of its more infamous offenses.
Although the research is well underway, security firms and governments are not ready to implicate North Korea in the WannaCry attack, but they aren’t ruling it out.
“For now, more research is required into older versions of Wannacry,” security firm Kaspersky wrote in a blog.
“We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure — Neel Mehta’s discovery is the most significant clue to date regarding the origins of Wannacry.”