A South Korean cybersecurity expert said Tuesday there is more circumstantial evidence that North Korea may be behind the global “ransomware” attack: the way the hackers took computers and servers hostage across the world was similar to previous cyberattacks attributed to North Korea.
Simon Choi, a director at anti-virus software company Hauri Inc. who has analyzed North Korean malware since 2008, said the North is no newcomer to the world of bitcoins and has been mining the digital currency using malicious computer programs since as early as 2013.
In the attack, hackers demand payment from victims in bitcoins to regain access to their encrypted computers. The malware has scrambled data at hospitals, factories, government agencies, banks and other businesses since Friday, but an expected second-wave outbreak largely failed to materialize after the weekend, in part because security researchers had already defanged it.
Researchers at Symantec and Kaspersky Lab have also found similarities between WannaCry and previous attacks blamed on North Korea.
Symantec released a statement on its work on WannaCry.
While Choi’s speculation may deepen suspicions that the nuclear-armed state is responsible, the evidence is still far from conclusive. Authorities are working to catch the extortionists behind the global cyberattack, searching for digital clues and following the money.
“We are talking about a possibility, not that this was done by North Korea,” Choi said.
Some on social media don't want people to get ahead of themselves.
"Code reuse between wannacry and North Korea's Lazarus Group tools is a huge investigative clue... but not sufficient proof yet. More soon."
— John Bambenek (@bambenek) May 15, 2017
The Associated Press contributed to this report.