Monday, May 15, 2017

Is North Korea to blame for ransomware outbreak?

(Google security) With the world's biggest ransomware attack to date, which crippled thousands of businesses and public organizations around the world, now hopefully behind us, security services across the globe are looking into just who was behind the outbreak.

Well, they are now looking in the direction of a North Korea-linked group that may be behind last week's attack. Symantec and Kaspersky have revealed that they are investigating whether hackers from the Lazarus Group were responsible for infecting an estimated 300,000 machines in 150 countries.

This all came about after a researcher found digital fingerprints tying the WCry (WannaCry) ransomware worm that menaced the world on Friday to a prolific hacking operation previously in the headlines for attacking Sony Pictures, the Bangladesh Central Bank and South Korean banks. The link came in a cryptic Twitter message from Neel Mehta, a security researcher at Google. The tweet pointed to identical code found in a WCry sample from February and an early 2015 version of Contopee, a backdoor used by the Lazarus Group, a hacking team that has been operating since at least 2011. Shared code on its own is a lead rather than proof of who pulled the trigger: code can be copied, bought or deliberately planted as a false flag, so a match like this is the start of an attribution case, not the end of it.
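To make concrete what a "shared code" finding like this rests on, here is an added example (my own illustration, not code from the post or from Google, Symantec or Kaspersky) of the basic check: find byte runs long enough that two unrelated authors would not produce them by chance, report where they occur in both samples, and discard runs that belong to widely shared library code before treating the rest as evidence. All sample bytes, offsets and the "custom routine" and "library stub" are constructed for the demonstration and are not real WannaCry or Contopee code.

```python
"""Added example: shared-code fingerprinting between two binary samples.

All byte blobs below are constructed test data, not real malware.
"""
import random
from collections import defaultdict
from hashlib import sha256


def find_shared_runs(a, b, min_len=16):
    """Return maximal byte runs of length >= min_len present in both a and b.

    Each hit is (offset_in_a, offset_in_b, length). A run is reported once,
    from its left-most start, and extended to the right as far as the bytes
    agree, so one shared routine yields one hit rather than dozens.
    """
    if min_len <= 0 or min(len(a), len(b)) < min_len:
        return []
    index = defaultdict(list)                      # n-gram -> positions in a
    for i in range(len(a) - min_len + 1):
        index[a[i:i + min_len]].append(i)
    hits = []
    for j in range(len(b) - min_len + 1):
        for i in index.get(b[j:j + min_len], ()):
            if i > 0 and j > 0 and a[i - 1] == b[j - 1]:
                continue                           # interior of a run already reported
            n = min_len
            while i + n < len(a) and j + n < len(b) and a[i + n] == b[j + n]:
                n += 1
            hits.append((i, j, n))
    return sorted(hits)


def library_allowlist(*blobs):
    """Hashes of code known to be shared by everyone (statically linked
    libraries, compiler runtime), which links nobody to anybody."""
    return {sha256(blob).hexdigest() for blob in blobs}


def fingerprints(runs, sample, known_library):
    """Turn shared runs into (sha256, length) fingerprints that can be matched
    against other samples later, dropping runs on the library allowlist."""
    out = []
    for i, _, n in runs:
        digest = sha256(sample[i:i + n]).hexdigest()
        if digest not in known_library:
            out.append((digest, n))
    return out


def build_samples():
    """Constructed data: a 'custom routine' planted in samples a and b, and a
    'library stub' planted in all three, inside random filler. Filler bytes
    for a (0x80-0xBF) and for b/c (0xC0-0xFF) are drawn from disjoint ranges,
    and the planted routines use bytes below 0x80, so only the plants match."""
    rng = random.Random(2017)

    def filler(n, lo, hi):
        return bytes(rng.randrange(lo, hi) for _ in range(n))

    custom = bytes(range(0x40, 0x70))              # 48-byte constructed routine
    library = b"\x55\x8b\xec" + bytes(range(24))   # 27-byte constructed library stub
    sample_a = filler(300, 0x80, 0xC0) + custom + filler(200, 0x80, 0xC0) + library + filler(100, 0x80, 0xC0)
    sample_b = filler(150, 0xC0, 0x100) + library + filler(250, 0xC0, 0x100) + custom + filler(150, 0xC0, 0x100)
    sample_c = filler(400, 0xC0, 0x100) + library + filler(200, 0xC0, 0x100)
    return sample_a, sample_b, sample_c, custom, library


def main():
    a, b, c, custom, library = build_samples()
    known = library_allowlist(library)
    ab, ac = find_shared_runs(a, b), find_shared_runs(a, c)
    print("a vs b raw overlap:", ab)
    print("a vs c raw overlap:", ac)
    print("a vs b after dropping library code:", fingerprints(ab, a, known))
    print("a vs c after dropping library code:", fingerprints(ac, a, known))


if __name__ == "__main__":
    main()
```

Run as written, sample a and the unrelated sample c still share the library stub, and only the allowlist step stops that from looking like a link; this is the minimum hygiene before a code overlap is presented as attribution evidence. In real work the allowlist is built from hashes of compiler runtimes and common open-source code, and the remaining overlap is then weighed against infrastructure, targeting and timing rather than standing alone.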

Previously discovered code fingerprints had already tied the Lazarus Group to the highly destructive 2013 attack that wiped hard drives across South Korea, the 2014 Sony Pictures breach that wiped almost a terabyte's worth of data, and last year's Bangladesh Central Bank heist, in which the attackers compromised the bank's access to the SWIFT interbank messaging system, attempted to move almost $1 billion and got away with $81 million.