Threat Management, Malware, Ransomware

U.S. pins WannaCry on North Korea

North Korea was behind the WannaCry ransomware that blazed a destructive path around the world last spring, wreaking havoc on hospitals, the financial sector, FedEx, and companies of all stripes, a high-ranking adviser in the Trump administration said Monday.

Referring to WannaCry as widespread, costly and “indiscriminately reckless,” President Trump's homeland security advisor, Tom Bossert, said in a Wall Street Journal opinion piece that “North Korea is directly responsible.”

WannaCry was delivered via the backdoor malware DoublePulsar and the Microsoft exploit EternalBlue – tools allegedly created by the U.S. National Security Agency and subsequently leaked by The Shadow Brokers hacking group. The wormable ransomware spread to more than 150 nations in the first three days. 

North Korea has long been thought by many to be behind the attacks with speculation pinning it on the Lazarus Group believed to have been behind the 2014 Sony hack, but Bossert's allegations were the administration's first public declaration that the country was to blame.

“We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree,” Bossert wrote. “The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”

Bossert said the U.S. would continue to apply its “maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.