CyberCrimeSecuritySecurity Management

US Blames North Korea For WannaCry Attack

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

United States now joins the UK in officially blaming North Korea for WannaCry ransomware attack

The White House has officially said that North Korea was behind the WannaCry ransomware attack that devastated hundreds of thousands of computers around the world.

The WannaCry ransomware struck computers in May this year, and had a huge effect on the NHS for example. But it also hit many other industries as well, and caused widespread disruption and problems.

The US decision to blame North Korea follows that of the United Kingdom. In late October UK security minister Ben Wallace told BBC Radio that Britain believed “quite strongly” that the ransomware attack came from a foreign state, most likely North Korea.

wannacry

North Korea

The UK government had previously said in June that North Korea was using the ransomware to make money for its totalitarian regime.

The British conclusion came after an investigation led by the UK’s National Cyber Security Centre (NCSC), which suggested that hackers in North Korea had launched the attack.

It is widely believed that the group of North Korean hackers known as ‘Lazarus’ was behind the WannaCry attack, which also has links to the high-profile hack on Sony Pictures in 2014, as well as the theft of $81 million (around £620m) from Bangladesh’s central bank last year.

But now the Trump administration and the White House has now in a press briefing also officially attributed the WannaCry attack to the North Koreans.

“The malware encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses, and homes in over 150 countries,” said the White House. “While victims received ransom demands, paying those demands did not unlock their computers.”

“This was a careless and reckless attack,” the White House added. “It affected individuals, industry, governments. And the consequences were beyond economic. The computers affected badly in the UK and their healthcare system put lives at risk, not just money.”

And then it said that the US believes that North Korea was responsible.

“After careful investigation, the United States is publicly attributing the massive WannaCry cyberattack to North Korea,” said the White House. “We do not make this allegation lightly. We do so with evidence, and we do so with partners.”

“Other governments and private companies agree,” the White House added. “The United Kingdom, Australia, Canada, New Zealand, and Japan have seen our analysis, and they join us in denouncing North Korea for WannaCry.”

Microsoft Credit

And it pointed out that Microsoft had also traced the attack to cyber affiliates of the North Korean government.

“North Korea has acted especially badly, largely unchecked, for more than a decade,” said the White House. “The attribution is a step towards holding them accountable, but it’s not the last step.”

“We applaud our corporate partners, Microsoft and Facebook especially, for acting on their own initiative last week without any direction by the US government or coordination to disrupt the activities of North Korean hackers,” it added. “ Microsoft acted before the attack in ways that spared many US targets.”

The White House said that Microsoft and Facebook and other major tech companies had acted to disable a number of North Korean cyber exploits and disrupt their operations.

These firms also shut down accounts the North Korean regime hackers used to launch attacks and patched systems.

British Hero?

During the press briefing, the White House was also questioned about the fate of young British security researcher Marcus Hutchins.

The damage from the WannaCry attack would have been much worse but for Hutchins, after he found and activated a “kill switch” that prevented future infections from locking devices.

Hutchins was subsequently arrested in the United States and has pleaded not guilty to charges of developing and distributing the ‘Kronos’ banking malware.

The White House would not comment on the current legal proceedings against Hutchins, but did admit that the industry had “got lucky”, although it noted that the US was well prepared for the attack.

“But we also had a programmer (Hutchins) that was sophisticated, that noticed a glitch in the malware, a kill-switch, and then acted to kill it,” said the White House. “He took a risk, it worked, and it caused a lot of benefit. So we’ll give him that. Next time, we’re not going to get so lucky.”

The question now is what happens next. Ever since 2011 the United States has said that it reserves the right to retaliate with military force against a cyber attack from a hostile state.

Do you know all about security in 2017? Try our quiz!