In the midst of the recent WannaCry attack, researchers were able to identify clues that link the massive ransomware outbreak to the hacker crew Lazarus Group. This offensive cyber unit has been suspected of operating in North Korea for some time now. According to internet security experts at Symantec, there is now even more proof to support the theory that there exists a strong connection between WannaCry and Lazarus Group.
Researchers first noticed similarities between the code used for the WannaCry ransomware and code used by Lazarus, which is believed to be responsible for the 2014 Sony Pictures hack and an unprecedented $81 million bank heist. Prior to that, a security expert from Google, Neel Mehta, had identified links between the WannaCry ransomware and the Contopee cyber weapon, created by Lazarus.
Symantec researchers were able to identify evidence linking some of the earliest known variants of WannaCry, which differed only slightly from the version involved in the recent attack, to a few targeted attacks. Through a detailed examination of those earlier samples of WannaCry, Symantec concluded that there were similarities between the techniques, tools, and infrastructure that the attackers used and those used in earlier Lazarus attacks. This makes it almost certain that Lazarus was behind WannaCry.
However, the security corporation noted that rather than bearing the marks of a typical nation-state campaign, the attack was more similar to a cybercrime campaign. The ransomware infected upwards of 200,000 computers, a large percentage of them used in U.K. hospitals. The perpetrators demanded a Bitcoin payment of $300 to unlock the files, and warned that the files would be deleted if the payment was not received. It's believed that they've earned over $100,000 in Bitcoin payments thus far.