The WCry Attack: North Korea to Blame? 2017

By now, you probably know that the Internet was attacked and taken hostage around the globe by a ransomware worm called WannaCry or WCry. In one of the biggest attacks ever, hospitals, businesses, universities and governments in at least 150 countries have been hit by a cyberattack that locked computers and demanded a ransom.

The number of users affected by the attack is now expected to exceed 300,000. The initial attack seems to have been blocked, and the focus has now shifted to who is behind it.

The evidence may point to North Korea, as this attack carries the fingerprints of the attacks against Sony Pictures, the Central Bank of Bangladesh and several South Korean banks, dating back about four years.

The possibility was raised by a Google security researcher, Neel Mehta, who pointed to identical code found in a WCry sample and in a malicious backdoor used by the Lazarus group, a North Korean cybercrime team that has been running since 2011. The group has already been linked to the aforementioned attacks.

A closer look at the code links will be necessary to support the conclusion that the group, which previously operated on behalf of the impoverished regime, is responsible. But amid all the uncertainty, Kaspersky Lab found a core of certainty:

“One thing is for sure: the discovery of Neel Mehta is the most important clue to date about the origins of WannaCry.”

Another reason to doubt that the attack was launched by a civilian or privately sponsored hacking group is the presence of some revealing techniques that were previously found to be widespread in malware written by nation-sponsored hackers, namely “killswitches”. As Martijn Grooten, a security researcher for Virus Bulletin, told Ars Technica:

“Malicious writers rarely ask themselves, ‘What about all that is happening totally?’ Killswitches in malware are scarce and I can only think of government malware with embedded ones. Governments worry about collateral damage much more than criminals. North Korea has recently been active as the Lazarus Group.”

He added that it is not out of the question that North Korea could have remained somewhat “shaken”, and removed itself from the debacle by engaging a hacking group.

However, blaming North Korea at this early stage could be premature. Similarities in the code do not always mean that the same hacking group is responsible. An entirely different group may have simply re-used the Lazarus group’s backdoor code from 2015 to confuse everyone trying to identify the author. As Kaspersky Lab noted in a blog post:

“We believe it is important that other researchers around the world investigate these similarities and try to discover more facts about the origin of WannaCry.”

But some people are of the opinion that money may not have been the only motive. “I believe this was widespread in order to cause as much damage as possible,” said Matthew Hickey, co-founder of the British cybersecurity firm Hacker House.

This idea is reinforced by the fact that in 2016, by appropriating the SWIFT code, the group was able to siphon some $1 billion from the Central Bank of Bangladesh. This figure would eliminate any risk of spreading this caper. It was also suggested that North Korea sought to hamper the NSA and the United States, particularly in light of current nuclear tensions and calls from the leaders of the respective countries.

What cannot be overlooked or dismissed in this fiasco is the role played by the NSA and its voracious appetite for citizens’ private information. WCry used NSA-developed code in its expansive attack. It has been posited that the exploits WannaCry used in the attack were taken from a trove of NSA data stolen by the Shadow Brokers in August 2016.

The NSA and other government agencies around the world create and collect vulnerabilities in popular software (such as Windows) and use them for intelligence gathering and cyberwarfare. “We need governments to consider the damage caused to civilians by the accumulation of these vulnerabilities and the use of these exploits,” said Brad Smith, Microsoft President and Chief Legal Officer.


Chiming in was Jeremy Wittkop, technology director of the security company InteliSecure, who urged governments to exercise sufficient caution with the weapons they create:

“The government has a responsibility, like nuclear weapons, to ensure that they do not fall into the hands of the wrong people,” he said. “If you’re going to create something that can cause a lot of damage, you have to protect it.”

Once these weaknesses were disclosed by the Shadow Brokers, they became available to cybercriminals, who could hold the world hostage for financial gain by creating ransomware that exploits them. If the NSA’s negligence or malfeasance is at the heart of this issue, the irony would be too precious and the lessons are obvious.

You cannot continue to extract information with impunity without some repercussions. Meanwhile, as usual, the government’s “policemen” are struggling, playing catch-up to repel the perpetrators.
