Skip to main content

WannaCry ransomware possibly linked to North Korea

(Image credit: Image Credit: Etereuti / Pixabay)

Security experts claim to have revealed a number of similarities between the code used in the recent WannaCry ransomware (opens in new tab) attack which infected over 300,000 computers in 150 countries over the weekend and previous cyber attacks launched by North Korea. 

On Monday,  Neel Mehta, a researcher from Google, posted a message (opens in new tab) on Twitter which showed a sample of the code used in this weekend's attack. However, the code first appeared online in February and had striking similarities to code previously used by the cybercrime group Lazarus responsible for the Sony Pictures attack in 2014. 

Researchers from the cyber security company Kaspersky Lab were then able to identify clear similarities between the group's code and that behind the WannaCry ransomware.  The firm downplayed the significance of the link, saying: 

“The similarity of course could be a false flag operation.  However, the analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday.” 

“This can be an attempt to cover traces conducted by orchestrators of the WannaCry campaign.  Although this similarity doesn't allow proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it can potentially lead to new ones which would shed light on the WannaCry origin which to the moment remains a mystery.” 

It is still too early to know where the WannaCry ransomware originated, and we do not yet know enough about it to conclude that North Korean cyber attackers were involved.  However, at this point cyber security experts are not dismissing any possibilities as they try to wrap their heads around the scope and severity of this attack. 

Image Credit:  Etereuti / Pixabay

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.