WannaCry finger of blame finally points at North Korea

Elizabeth Williams
May 16, 2017

WannaCry is far more unsafe than other common ransomware types because of its ability to spread itself across an organization's network by exploiting a critical vulnerability in Windows computers, which was patched by Microsoft in March 2017 (MS17-010).

Over a matter of hours on Friday, WCry used leaked National Security Agency-developed code to attack an estimated 200,000 computers in 150 countries.

Sixteen National Health Service (NHS) organizations in the United Kingdom have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible.

Barts Health, which runs five London hospitals, says it is still sending some ambulances to other hospitals and has canceled some surgeries and outpatient appointments.

The cyber companies' research will be closely followed by law enforcement agencies around the world, including Washington, where U.S. President Donald Trump's homeland security adviser said on Monday that both foreign nations and cyber criminals were possible culprits. But as Kaspersky and van Dantzig say, the connection disclosed Monday is potentially significant enough to warrant a major worldwide investigation that nearly certainly started within minutes of Mehta issuing his tweet.

The company described the temporary halt in production as a "preventative step".

Renault-Nissan said output had returned to normal at almost all its plants.

Russian Federation has recently been accused of cyber meddling in several countries, but Putin said they had nothing to do with the attack. The site is now back up but the real cause of the problem is not yet clear, said spokesman Hajime Nishikawa. Railway stations, mail delivery, gas stations, hospitals, office buildings, shopping malls and government services were also said to be affected.

He said it's likely the ransomware will spread to USA firms too.

Hitachi spokeswoman Yuko Tainiuchi said emails were slow or not getting delivered, and files could not be opened. The attackers demanded money to unblock their computers. And the fault, they argue, lies with whoever turned them into weapons - or maybe with Microsoft itself, for not having a system in place to make sure that when they issue a patch that neutralizes such attacks, everyone around the world takes the time to fix their systems.

At least one hospital was affected, according to police.

An official at South Korea's Korea Internet & Security Agency said on Tuesday the agency was sharing information with intelligence officials on recent cases reported for damages but was not in position to investigate the source of the attack.

It said his $11 purchase of the name on Friday may have saved governments and companies around the world millions, slowing its spread before USA -based computers were hit on a massive scale. "This was a vulnerability exploit that was part of a much larger tool put together by the culpable parties". The Russian leader also cited another theory on the origin of the malware, stating that "Microsoft's management has made it clear that the virus originated from U.S. intelligence services". Its movie ticket systems were unaffected.

Victims haven't requested investigations but they want their systems to be restored, the official said.

Russian Federation on Monday denied it had anything to do with the cyberattack.

Asked if the government had ignored warnings over the NHS being at risk from cyber attack, Prime Minister Theresa May told Sky News: "No".

Labelling Mehta's revelation "the most significant clue to date regarding the origins of WannaCry", Kaspersky researches at the same time acknowledged that the apparent use by the WannaCry attackers of the similar code is not enough to come to definitive conclusions about its origin, as there is a possibility of it being a false flag operation and more worldwide effort is necessary to unearth its roots. Governments care about collateral damage far more than criminals do.

Other reports by VgToday

Discuss This Article

FOLLOW OUR NEWSPAPER