US makes it official: N Korea was behind WannaCry attack

19 Dec 2017

The United States on Monday officially accused North Korea of carrying out the massive WannaCry ransomware attack that infected some 300,000 computers in 150 countries, including India, this year.

The attack spread indiscriminately across the world in May. It encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes. While victims received ransom demands, there was no certainty that paying the ransom would unlock their computer.

North Korea was widely suspected of being behind the attack and has been denounced as such by Britain, but the United States had yet to follow suit.

Homeland security adviser Tom Bossert wrote in a Wall Street Journal op-ed published Monday night that North Korea was "directly responsible" for the WannaCry ransomware attack and that Pyongyang would be held accountable for it. He was expected to provide more details in a briefing with reporters today.

"The attack was widespread and cost billions, and North Korea is directly responsible," he wrote. "We do not make this allegation lightly. It is based on evidence."

Among the infected computers were those at Britain's National Health Service (NHS), Spanish telecoms company Telefonica and US logistics company FedEx.

The US government has assessed with a "very high level of confidence" that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, carried out the WannaCry attack, a Trump administration official told Reuters on condition of anonymity.

Lazarus Group is widely believed by security researchers and US officials to have been responsible for the 2014 hack of Sony Pictures Entertainment that destroyed files, leaked corporate communications online and led to the departure of several top studio executives.

North Korea has repeatedly denied responsibility for WannaCry and called other allegations about cyber-attacks a smear campaign.

"These disruptions put lives at risk," Bossert wrote. "North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behaviour is growing more egregious. WannaCry was indiscriminately reckless."

He said Washington must lead efforts to cooperate with other governments and businesses to "mitigate cyber risk and increase the cost to hackers," and thus improve internet security and resilience.

"When we must, the US will act alone to impose costs and consequences for cyber malfeasance," Bossert added.

President Donald Trump "has already pulled many levers of pressure to address North Korea's unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."

The WannaCry attack spread rapidly around the globe using a security flaw in Microsoft's Windows XP operating system, an old version that is no longer given mainstream tech support by the US giant.

Ransomware, which can be used on PCs as well as tablets and smartphones, is malicious software which locks computer files and forces users to pay the attackers a designated sum in the virtual Bitcoin currency to regain access to the files.

The Washington Post cited a US official as saying that Trump's administration would be urging allies to counter North Korea's cyberattack capabilities and implement all "relevant" UN Security Council sanctions.

It said the CIA had already laid blame on North Korea for the attack in November, though the assessment was classified and had not been previously reported.

The accusation comes as worries mount about North Korea's hacking capabilities and its nuclear weapons program.

Many security researchers, including cyber-security firm Symantec, as well as the British government, have already concluded that North Korea was likely behind the WannaCry attack.

WannaCry knocked British hospitals offline, forcing thousands of patients to reschedule appointments, and disrupted infrastructure and businesses around the world.

The attack originally looked like a ransomware campaign, where hackers encrypt a targeted computer and demand payment to recover files. Some experts later concluded the ransom threat may have been a distraction intended to disguise a more destructive intent.

FedEx's computer networks were among the most heavily hit. The international shipper said in September it expected to sustain a $300-million profit hit as a result of the attack.

According to Reuters, some researchers have said they believed WannaCry was deployed accidentally by North Korea as hackers were developing the code. The senior administration official declined to comment about whether US intelligence was able to discern if the attack was deliberate.

WannaCry was made possible by a flaw in Microsoft's Windows software, which was discovered by the US National Security Agency and then used by the NSA to build a hacking tool for its own use.

In a devastating NSA security breach, that hacking tool and others were published online by the Shadow Brokers, a mysterious group that regularly posts cryptic taunts toward the US government.

The fact that WannaCry was made possible by the NSA led to sharp criticism from Microsoft President Brad Smith and others who believe the NSA should disclose vulnerabilities it finds so that they can be fixed, rather than hoarding that knowledge to carry out attacks.

Last month, the White House published its rules for deciding whether to disclose cyber-security flaws or keep them secret as part of an effort to be more transparent about the inter-agency process involved in weighing disclosure.