Earlier this year, the world was hit by a massive malware attack called WannaCry, which affected a considerable amount of systems across the globe – India being among them. However, among the worst hit by the attack was the UK, where WannaCry caused mass disruption in its hospital system. While immediate surveillance and system updates were able to reduce the attacks dramatically since then, but the investigation of what caused the malware attack to spread was still ongoing. However, last week, the United Kingdom government released its final report on the WannaCry ransomware attacks, and the country believes the attacks originated in North Korea.
“This attack, we believe quite strongly that it came from a foreign state,” Ben Wallace, a junior minister for security, told BBC 4 Radio, adding that the government was “as sure as possible” that nation was North Korea.
In fact, other than the recent report by the UK government, there have been speculations that North Korea might have played a significant role in the WannaCry ransomware attack. Britain’s National Cyber Security Centre (NCSC) has also pointed out that the Lazarus Group from North Korea was behind the WannaCry attack. ALSO READ: CERT-In issues alert on ‘Locky’ ransomware spreading in India
Also, UK government’s research results are parallel to the findings of Microsoft. In a report released earlier this month, Microsoft President Brad Smith accused North Korea of carrying out the cyberattack. Earlier this year in June, a researcher at Google has also said that the attack was carried out by North Korea’s Lazarus Group to which Kaspersky Lab agreed. ALSO READ: Microsoft chief blames North Korea for carrying out WannaCry ransomware attack
Microsoft President believes that the Pyongyang used “cyber tools or weapons stolen from the NSA”. According to a report on rt.com, Smith told ITV that he believed “with great confidence” that North Korea was behind the WannaCry cyberattack. Elaborating more on the situation, Smith said, “I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States.” ALSO READ: Bad Rabbit: New ransomware strikes computers in Eastern Europe and other countries
WannaCry first appeared in early May, affecting hundreds of computers worldwide in less than a day. The ransomware started encrypting the hard drives and asking for a ransom of up to $300 in Bitcoin to decrypt it. It moved quickly through corporate networks via EternalBlue, first discovered by the NSA before being stolen by an allegedly Russian-hacking group called the Shadow Brokers. For those who don’t know, EternalBlue is the name given to a software vulnerability in Microsoft’s Windows operating system. Microsoft had immediately issued a security patch for its unsupported systems, Windows XP, 8 and Server 2003 following the attack. ALSO READ: Before WannaCry and Judy, these 5 malware attacks wreaked havoc globally