Mon | Aug 20, 2018

US pins WannaCry ransomware attack on North Korea

Published:Wednesday | December 20, 2017 | 12:00 AM
North Korea’s Kaepoong town is seen behind a North Korean military guard post (bottom) from the unification observatory in Paju, South Korea, on Tuesday, December 19. US President Donald Trump’s administration is publicly blaming North Korea for a ransomware attack that infected hundreds of thousands of computers worldwide in May.

The United States on Tuesday publicly blamed North Korea for a "careless and reckless" ransomware attack that infected hundreds of thousands of computers worldwide in May and crippled parts of Britain's National Health Service.

Homeland security adviser Tom Bossert told reporters at a White House briefing that North Korea was directly responsible for the WannaCry ransomware attack and that Pyongyang will be held accountable for it.

"This was a careless and reckless attack. It affected individuals, industry, governments and the consequences were beyond economic. The computers affected badly in the UK in their healthcare system put lives at risk, not just money," Bossert said.

Bossert said the Trump administration's finding of responsibility is based on evidence and confirmed by other private companies and foreign governments, including the United Kingdom, Australia, Canada, New Zealand and Japan. He said Microsoft traced the attack to cyber affiliates of the North Korean government.




The findings come as the US has sought to pressure Kim Jong-Un's government to end the pariah nation's nuclear and missile programmes.

"North Korea has acted especially badly, largely unchecked, for more than a decade ... its malicious behaviour is growing more egregious. And stopping that malicious behaviour starts with this step of accountability," he said.

Bossert said the Trump administration would continue to push Pyongyang to curb its ability to mount attacks and seek to partner with the private sector to prevent future attacks.

But he said Trump "has used just about every lever you can use, short of starving the North Korean people to death, to change their behaviour. So we don't have a lot of room left here to apply pressure to change their behaviour. It's nevertheless important to call them out, let them know it's them and we know it's them."

Bossert said attributing the attack to North Korea would let them know "we're going to move to stop their behaviour" and work with tech partners such as Microsoft and Facebook.

"This is allowing us to call upon all like-minded and good, responsible companies to stop supporting North Korean hackers, whether they're operating in North Korea or elsewhere," Bossert said.

The WannaCry attack struck more than 150 nations in May, locking up digital documents, databases and other files and demanding a ransom for their release.

It battered Britain's National Health Service, where the cyberattack froze computers at hospitals across the country, closing emergency rooms and bringing medical treatment to a halt. Government offices in Russia, Spain, and several other countries were disrupted, as were Asian universities, Germany's national railway and global companies such as automakers Nissan and Renault.

The WannaCry ransomware exploited a vulnerability in mostly older versions of Microsoft's Windows operating system. Affected computers had generally not been patched with security fixes that would have blocked the attack.

Security experts, however, traced the exploitation of that weakness back to the US National Security Agency; it was part of a cache of stolen NSA cyber weapons publicly released by a group of hackers known as the Shadow Brokers.

Microsoft president Brad Smith likened the theft to "the US military having some of its Tomahawk missiles stolen", and argued that intelligence agencies should disclose such vulnerabilities rather than hoarding them.

WannaCry came to a screeching halt, thanks to enterprising work by a British hacker named Marcus Hutchins, who discovered that the malware's author had embedded a 'kill switch' in the code. Hutchins was able to trip that switch, and the attack soon ended. In an unusual twist, Hutchins was arrested months later by the FBI during a visit to the US. He pleaded not guilty and now awaits trial on charges he created unrelated forms of malware.

The United States and South Korea have accused North Korea of launching a series of cyberattacks in recent years, though the North has dismissed the accusations.

Baik Tae-hyun, spokesman for South Korea's Unification Ministry, which deals with matters related to North Korea, said Monday that the Seoul government was examining whether the North was behind hacking attacks on a cryptocurrency exchange in June. About $7 million in digital money was stolen in the hacks, South Korean officials said.

There's speculation in the South that North Korean hackers are possibly targeting cryptocurrency like bitcoin to evade the heavy financial sanctions imposed over the country's nuclear weapons and missiles programme.

"We are monitoring the bitcoin-related issue. We believe that North Korea is currently engaging in various activities to evade sanctions and earn foreign currency," Baik said.

- AP