
Image credit: Reuters/Edgar Su

'WannaCry' ransomware showed traces of North Korean code

It hints that an infamous hacking group might be involved.

For all the damage the "WannaCry" ransomware has done, there's still one looming, unanswered question: who's behind it? At last, there might be a clue. Google researcher Neel Mehta has noticed that an early version of WannaCry's code shares similarities with a February 2015 sample from the Lazarus Group, a North Korea-linked outfit blamed for both the Sony Pictures hack and the Bangladesh Bank heist. The code changed between then and now, but it at least raises the possibility that North Korea was involved.

There is a chance that someone borrowed the code, whether out of convenience or as an attempt to throw investigators off the scent. However, experts at Kaspersky argue that a deliberate plant is "improbable" given that the similar code was removed later on. And besides, the presence of kill switches in both original and modified versions of WannaCry supports the notion that these are state-sponsored hackers. As Fox-IT's Maarten van Dantzig explains to Ars Technica, run-of-the-mill criminals rarely include failsafe measures like this -- why would they want to stop the money from pouring in? Moreover, the malware doesn't even bother to automatically check whether or not victims have paid up. If profit were really the motive, the code was exceptionally sloppy.

It's going to take much more research before experts can pin down WannaCry's origins, assuming that's possible. You certainly won't get a confession from North Korea even if there's smoking-gun evidence of its involvement. However, what's here at least gives investigators a starting point.

Update (5/22): Kim In Ryong, North Korea's deputy ambassador to the United Nations, has branded the claim that North Korea is linked to the WannaCry ransomware as "ridiculous." Speaking at a press conference, he said: "Whenever something strange happens, it is the stereotype way of the United States and the hostile forces that kick off noisy anti-DPRK campaign deliberately linking with DPRK (Democratic People's Republic of Korea)."
