WannaCry ransomware attack linked to North Korea

Security researchers say they have found evidence that suggests a state-sponsored hacking group in North Korea may be behind last week’s global WannaCry ransomware hack.

Neel Mehta, a security researcher at Google, discovered computer code found in an early version of the WannaCry malware was identical to code used by the Lazarus Group, a hacking group linked to the government of North Korea. In a cryptic tweet Monday, Mehta referenced code found in both a backdoor used by the Lazarus Group in 2015 and the WannaCry worm, which has held hundreds of thousands of computers hostage in the largest cyberextortion scheme ever.

However, the overlapping code was removed from later versions, suggesting it was planted to trick researchers into concluding that the Lazarus Group was behind the attack. Still, researchers at antivirus software maker Kaspersky Lab called that theory possible but improbable.

“For now, more research is required into older version of WannaCry,” Kaspersky Lab researchers wrote in a blog post. “We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure — Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry.”

Ransomware is malware that encrypts important files, locking people out of their computers unless they pay up to prevent their entire system from being deleted. The cyberattack has hit more than 300,000 computers in more than 150 countries since it was first detected Friday, a White House adviser said Monday.

Hackers typically demand about $300 in payment via bitcoin, an untraceable digital currency often used on shadowy parts of the internet. If that ransom isn’t paid in 72 hours, the price could double. And after a few days, the files are permanently locked.

Read full news article on CNET