WannaCry ransomware has targeted computers running with MS Windows by encrypting their data and asking for money. Just within a day, it has attacked 230,000 computers around the world. Fortunately solutions are found to recover data from infected systems. But who is responsible to send this ransomware?
There is a proof found to associate North Korean hackers with this worldwide cyber attack. Leading security research agencies- Kaspersky Lab, Symantec and Haur Labs have noticed that the code used in WannaCry software had seen in programs used in hacking operations by North Korean agencies. A South Korean researcher, Simon Choi informed that the code is similar to North Korean backdoor illicit codes. Although Kaspersky has told not to make conclusions very soon.
They said it is important that other researchers in the different parts of the world to determine the similarities and find more facts about where did the WannaCry originate.
Additionally US and European agencies also agreed with Kaspersky comment still North Korean has not been removed from the blacklist.
How WannaCry entered?
In May, an NHS operator got cyber attack by downloading an infected software included in an email. Access to files was denied unless the victim paid $300. A UK crime agency was investigating the attack that infiltrated x-ray imaging systems and other systems of hospitals.
The origin of WannaCry was an exploit EternalBlue first found by the NSA, before it is stolen and published online by an anonymous. This exploit allowed the hacker to interact with Windows computers, penetrating their security protocols which is the major reason that the virus spread very fast and attacked many organizations in a short period of time. Wannacry is considered as a worm spreading among computers automatically.
WannaCry was totally different that spread like a Wildfire. Many researchers have speculated it may not have been intentionally released, it has features that are unique for advanced ransomware like hardcoded payment address and universal killswitch which upon registration prevents the software from self-replicating.
One thing is sure that North Korean attackers who did it are not stupid but have excelled operational scope beyond the intelligent services. It includes a wide level of criminal and terrorist activity. Using ransomware to receive funds for the country would degrade North Korea prestige in the world.