North Korea increasingly appears to have been behind the ransomware attack that infected hundreds of thousands of computers last month and shut down hospitals, businesses, and other systems in the process.
The Washington Post is now reporting that the US National Security Agency believes with “moderate confidence” that the ransomware, called WannaCry, came from hackers sponsored by North Korea’s spy agency. The report isn’t public, but the Post says the assessment has been distributed within the agency.
North Korea was first linked to WannaCry last month. Several cybersecurity researchers, including some at Symantec and Kaspersky Lab, saw code similarities between WannaCry and other malware previously traced back to North Korea.
At the time, the researchers said they only had a “weak” connection between WannaCry and the country, because there were other ways the code overlap could have occurred. But the NSA has now traced the ransomware back to IP addresses associated with North Korea’s spy agency, according to the Post.
Combined, the information builds a stronger case for North Korea being behind the attack. Specifically, the Post says a state-funded team known as the Lazarus Group appears to be responsible.
One very odd aspect of all of this is that North Korea, a country, seems to have on some level been using WannaCry as a way to raise funds. When the malware infected a computer, it would lock down all files with encryption and demand that a $300 ransom be paid in bitcoin to restore them. Files would be deleted within seven days, the ransomware said, if the fee wasn’t paid.
According to the Post, that attempted payday hasn’t really worked. The bitcoin trail is apparently very easy to track, so it won’t be simple to cash out.
The WannaCry malware relied on leaked NSA code, so it doesn’t entirely prove North Korea’s hacking acumen either. But the country has repeatedly been involved in major hacking incidents over the past few years. In the US, most notably, it was said to be responsible for the 2014 breach of Sony Pictures. And the Post says it was linked last year to several thefts from banks throughout Asia.