Security researchers on Monday reported signs of a potential North Korea link to the massive cyberattack campaign that sparked havoc in computer systems worldwide and opened fresh political rifts between Russia and the United States.
After days of disruptions affecting networks worldwide, a top US official said the number of computers affected had reached 300,000, but that infection rates had slowed.
In the first clues of the origin of the massive ransomware attacks, Google researcher Neel Mehta posted computer code that showed similarities between the ‘WannaCry’ malware and a vast hacking effort widely attributed to Pyongyang.
The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures, said Simon Choi, director of Seoul internet security firm Hauri.
‘I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies,’ he told AFP.
Isolated, nuclear-armed North Korea is known to operate an army of thousands of hackers operating in both the North, and apparently China, and has been blamed for a number of major cyberattacks.
In November 2014, Sony Pictures Entertainment became the target of the biggest cyberattack in US corporate history, linked to its release of North Korea satire ‘The Interview’.
More attacks were possible, Choi said, ‘especially given that, unlike missile or nuclear tests, they can deny their involvement in attacks in cyberspace and get away with it’.
Israeli-based security firm Intezer Labs said it agreed with the North Korea attribution.
The group's chief executive Itai Tevet said in a tweet: ‘@IntezerLabs confirms attribution to North Korea for #WannaCry, not only because of the function from Lazarus. More info to come.’
- Finger pointing -
The cross-border police agency Europol said the situation was ‘stable’ after attacks that struck computers in British hospital wards, European car factories and Russian banks.
But according to Michel Van Den Berghe, director of telecom group Orange's cyber security arm, a ‘second wave’ is to be expected.
Russia, China and India have blamed the United States government for developing the original code.
But Tom Bossert, President Donald Trump's top cyber and homeland security adviser, brushed aside suggestions that the attack stemmed from a flaw discovered by the US National Security Agency and later leaked.
‘This was not a tool developed by the NSA to hold ransom data,’ he said, noting that no US government systems had been hit.
‘This is a global attack,’ he added.
Russian President Vladimir Putin earlier had pointed the finger at the United States.
‘A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators,’ the Russian leader said on the sidelines of a summit in Beijing.
Russia has recently been accused of cyber meddling in several countries, but Putin said his country had nothing to do with the attack.
Over the weekend, Microsoft's president and chief legal officer Brad Smith said attacks highlighted the dangers from the NSA's ‘stockpiling’ of secret hacking tools.
- Telecoms and carmaking hit -
US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany's Deutsche Bahn rail network were among those hit. The attackers demanded money to unblock their computers.
In China, ‘hundreds of thousands’ of computers were affected, including gas stations, cash machines and universities, according to Qihoo 360, one of the country's largest providers of antivirus software.
The attack blocks computers and puts up images on victims' screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: ‘Ooops, your files have been encrypted!’
Bossert said that paying the ransom provided no guarantee files would be unlocked.
He told a news conference that ‘it appears that less than $70,000 has been paid in ransoms and we are not aware of payments that have led to any data recovery.’
Bitcoin, the world's most-used virtual currency, allows anonymous transactions via heavily encrypted codes.
A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA.
The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.
LEAVE A COMMENT Your email address will not be published. Required fields are marked*
With hospitals stressed, US enters ‘peak death week’
Brazil-China diplomatic spat over virus supplies escalates
With hospitals stressed, US enters 'peak death week' in coronavirus crisis
Qatar launches Coronavirus Information Service on WhatsApp
Acting US Navy chief says fired ship captain may have been 'stupid'
US deaths surpass 9,300 in ‘Pearl Harbour’ moment
Brazil lawmakers pass ‘war budget’ to fight virus crisis
New York state virus toll tops 4,000 with 594 new deaths in 24 hours
US enters 'hardest, saddest' week in coronavirus crisis