Kaspersky and Symantec say they have spotted similarities between last week’s cyber-attack and code used by a group with links to the North Korean government.
The companies said that technical details within an early version of the WannaCry code are similar to code used by Lazarus Group, a team of North Korean hackers linked to the government.
An attack that hit the NHS brought to light a global ransomware infection that hit 75,000 computers in 99 countries and demanded ransom payments in 20 languages.
Ransomware is computer malware that installs covertly on a victim’s device and either mounts a cryptoviral extortion attack that holds the victim’s data hostage, or mounts a leakware attack that threatens to publish the victim’s data, until a ransom is paid.
NHS services across the UK were hit by a large-scale cyber-attack. Hospitals across the country have reported being hit by the attack and, in some instances in England, patients are being turned away from A&E and operations are being cancelled.
Hospitals were told to pay $300 (£233) in order to regain their files. The attack also affected Telefónica and several other large companies in Spain, as well as FedEx and Deutsche Bahn. Other targets in at least 99 countries were also reported to have been attacked around the same time. Over 1,000 computers at the Russian Interior Ministry, the Russian Emergency Ministry and the Russian telecommunications company MegaFon have been reported as infected.
WannaCry is believed to use the EternalBlue exploit, which was allegedly developed by the US National Security Agency, to attack computers running Microsoft Windows operating systems. EternalBlue exploits a vulnerability in Microsoft’s implementation of the SMB protocol, which Microsoft addressed in security bulletin MS17-010.
Although a patch to remove that vulnerability had been issued on March 14, 2017, delays in applying security updates left some users and organisations vulnerable.
A “kill switch” hardcoded into the malware has allowed the initial infection to be halted, but variants are expected to be created.