WannaCry ransomware possibly linked to North Korea

Security experts claim to have revealed a number of similarities between the code used in the recent WannaCry ransomware attack which infected over 300,000 computers in 150 countries over the weekend and previous cyber attacks launched by North Korea. 

On Monday,  Neel Mehta, a researcher from Google, posted a message on Twitter which showed a sample of the code used in this weekend's attack. However, the code first appeared online in February and had striking similarities to code previously used by the cybercrime group Lazarus responsible for the Sony Pictures attack in 2014. 

Researchers from the cyber security company Kaspersky Lab were then able to identify clear similarities between the group's code and that behind the WannaCry ransomware.  The firm downplayed the significance of the link, saying: 

“The similarity of course could be a false flag operation.  However, the analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday.” 

“This can be an attempt to cover traces conducted by orchestrators of the WannaCry campaign.  Although this similarity doesn't allow proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it can potentially lead to new ones which would shed light on the WannaCry origin which to the moment remains a mystery.” 

It is still too early to know where the WannaCry ransomware originated, and we do not yet know enough about it to conclude that North Korean cyber attackers were involved.  However, at this point cyber security experts are not dismissing any possibilities as they try to wrap their heads around the scope and severity of this attack. 

Image Credit:  Etereuti / Pixabay