
Researchers may link North Korea to ransomware

16 May 2017

Researchers have said that some of the code used in Friday's ransomware, known as WannaCry, was almost identical to code used by the Lazarus Group, a group of North Korean hackers who used a similar version for the devastating hack of Sony Pictures Entertainment in 2014 and last year's hack of the Bangladesh Central Bank. However, analysis of the February sample and comparison with the WannaCry samples used in recent attacks shows that the code pointing to the Lazarus Group was removed from the WannaCry malware used in the attacks that started last Friday.

"It's important that other researchers around the world investigate these similarities", the post reads.

On social media, students complained about not being able to access their work, and people in various cities said they hadn't been able to take their driving tests over the weekend because some local traffic police systems were down.

On Monday, Google security researcher Neel Mehta posted a cryptic set of characters on Twitter together with the hashtag #WannaCryptAttribution.

"WannaCry and this [program] attributed to Lazarus are sharing code that's unique. This group might be behind WannaCry also", Suiche said, as cited by Wired.

The threat receded over the weekend after a British-based researcher, who declined to give his name but tweets under the profile @MalwareTechBlog, said he stumbled on a way to at least temporarily limit the worm's spread by registering a web address to which he noticed the malware was trying to connect.

Attributing cyberattacks can be notoriously hard - often relying on consensus rather than confirmation, the report said.

Another possible slip-up: Nicholas Weaver, who teaches networking and security at the University of California, Berkeley, said good ransomware usually generates a unique bitcoin address for each payment to make tracing hard. The Lazarus tools could potentially have been used as a method of propagating WannaCry, but this is unconfirmed. The Guardian newspaper reported that Kaspersky and Symantec, top security firms, have found evidence linking the WannaCry malware to the North Korean-backed Lazarus Group, which attacked Sony Pictures in 2014 and Bangladeshi Bank in 2016. The campaign is one facet of North Korea's greater bank hacking operations that included an $81 million theft from Bangladesh a year ago.

However, not everyone agrees that the North is behind the attacks. We've seen them destroy information.

British health minister Jeremy Hunt said it was "encouraging" that a predicted second spike of attacks had not occurred, but the ransomware was a warning to public and private organizations. Instructions on how to install this patch are also available at ZDNet.

The malware affected the U.K.'s National Health Service, Russia's Ministry of Interior, Germany's Deutsche Bahn rail system, automakers Nissan Motor Co. and Renault SA, logistics giant FedEx Corp., and other company and hospital computer systems in countries from eastern Europe to the United States and Asia.

Russian president Vladimir Putin blamed US intelligence services for the WannaCry incident. The Russian leader also cited another theory on the origin of the malware, stating that "Microsoft's management has made it clear that the virus originated from USA intelligence services".

The Department of Homeland Security began an "aggressive awareness campaign" to alert industry partners to the importance of installing the Microsoft patch shortly after it was released in March, an agency official working on the attack said.

The original attack lost momentum late on Friday after a security researcher took control of a server connected to the outbreak, which crippled a feature that caused the malware to rapidly spread across infected networks. Thus far, the attackers have obtained only about $70,000 for their efforts.
