Kaspersky
Kaspersky Blog - Kaspersky Lab

Cyber Security researchers have said that they have found technical evidence of North Korea's probable connection with the latest WannaCry ransomware attack that infected more than 300,000 computers in 150 countries since Friday.

Software security provider Symantec and Kaspersky Lab said that they have found some codes in an earlier version of WannaCry that also appeared in programs used by the Lazarus Group, which several researchers have identified as a North Korea-run hacking operation group, reported Reuters.

However, both the firms agreed that it's currently too early to tell if North Korea was involved in the latest attacks.

"This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky Lab researcher Kurt Baumgartner told Reuters.

Researchers from both the firms have said that they need to study the codes further in order to reach any conclusion and have also asked for help from other analysts and experts.

WannaCry ransomware attack which started on Friday slowed down a bit after Monday. It was one of the fastest spreading ransomware virus the world has seen so far.

The research on this virus, which attacked computers with old versions of Windows, will be closely followed by law enforcement agencies around the world, including Washington.

While President Donald Trump's homeland security adviser said on Monday that both foreign nations and cyber criminals were possible culprits, the US and European security officials told Reuters that, although, it's too early to tell who is behind the attack, but they are certainly not ruling out North Korea anytime soon.

"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," said researcher John Miller from FireEye Inc, another large cyber security firm that is also investigating a possible link.

The Lazarus, hackers of North Korea, had previously committed heinous cyber crimes in pursuit of money and has also been accused of the theft of US$81 million from the Bangladesh central bank, according to some cyber security firms.

North Korea's response wasn't available immediately, said Reuters.

The WannaCry attackers have managed to garner around US$70,000 as ransomware from users in exchange for giving them back the access to their own computers, according to Trump homeland security adviser Tom Bossert, however, it is still unknown if the payments led to any data recovery, added Bossert.

"I believe that this was spread for the purpose of causing as much damage as possible," said Matthew Hickey, a co-founder of British cyber consulting firm Hacker House.

President of Russia Vladimir Putin, noting the technology's link to the US spy service, said it should be "discussed immediately on a serious political level."

"Once they're let out of the lamp, genius of this kind, especially those created by intelligence services, can later do damage to their authors and creators," he said.