Researchers find possible link to North Korea in WannaCry malware


Researchers from security firm Kaspersky have found that code in the WannaCry ransomware bears similarities to code from the Lazarus group, which has ties to North Korea. The similarity was first tracked down by a Google researcher.

The investigation into the code began when Google researcher Neel Mehta posted a tweet without further explanation, using only the words ‘WannaCrypt Attribution’. With that, he hinted that his discovery points to a party possibly responsible for the WannaCry ransomware, which has spread around the world in recent days. In the post, he points to similarities between the code of an early version of the malware and that of a sample used by the Lazarus group.

That group has been linked to North Korea in Kaspersky’s previous investigations and is believed to be responsible for the Sony hack and the theft at the central bank of Bangladesh. Symantec and BAE Systems also found similarities between these two incidents. In a brief analysis of Mehta’s findings, Kaspersky writes that although the shared code in the ransomware could have been planted deliberately to lay a false trail, it considers that unlikely. The code was present in a February WannaCry release and is no longer present in subsequent releases.

Mehta’s tweet

According to the company, more research into the similarities is needed, but the current discovery offers an important clue to the origin of the ransomware. The early version from February is said to be the precursor of the variant that spread around the world on Friday. Kaspersky also states that both versions were compiled by people with access to the same source code.

According to Virus Bulletin researcher Martijn Grooten, a link with a state is a possible explanation for the presence of a ‘kill switch’ in the WannaCry malware, which was discovered by accident. Such a technique would be very uncommon for criminals but more common among state actors, he told Ars Technica. The kill switch’s discoverer, MalwareTech, suggested that it may be a way to counteract analysis rather than a method to disable the malware remotely.

The WannaCry ransomware started spreading before the weekend, infecting about 200,000 systems in 150 countries. These included the systems of British hospitals, which found it difficult to carry on their work because of the infection. The ransomware encrypts systems and demands $300 in bitcoin in exchange for decryption. That amount doubles to $600 if payment is not made within three days. So far about 35 bitcoin, worth roughly 54,500 euros, has been transferred to the people behind the malware.
