North Korean hackers behind WannaCry ransomware attack, NSA believes


The US National Security Agency (NSA) has blamed the WannaCry ransomware virus on North Korea.

Having analysed the techniques used in the global attack, which hit more than 300,000 computers in 150 countries around the world last month, US intelligence agents believe with “moderate confidence” that North Korea’s spy agency created the virus.

An individual familiar with the contents of an internal NSA report has said that officials have linked the ransomware outbreak to the Reconnaissance General Bureau (RGB), the shadowy spy agency that oversees North Korea’s clandestine operations.

The report states that “cyber actors” thought to have been “sponsored” by the RGB built two versions of the virus around a leaked NSA hacking tool posted online by cyber crime collective the Shadow Brokers.

Analysts believe the worm was created to raise money for the North Korean regime. The virus encrypted files stored on infected devices and demanded a ransom of $300 (€269) to unlock them.

The hackers behind the ransomware made only $140,000 in the virtual currency Bitcoin, which they have left untouched in a digital wallet for fear of being tracked down, after making an error that would make any withdrawal easy for law enforcement agencies to trace.

The Post tells readers that while the NSA assessment is not conclusive, the majority of evidence points to the RGB and the North Korean government. The NSA declined a request for comment from the Post.

Elsewhere, it has been reported that UK intelligence workers also believe North Korea was behind the WannaCry ransomware attack, which crippled Britain’s National Health Service.

An investigation conducted by the UK’s National Cyber Security Centre (NCSC) has led to a notorious North Korean hacking collective that targeted Sony Pictures in 2014: the Lazarus group.

The alleged contents of the NSA report and the findings of the NCSC investigation chime with analysis from online security firms Symantec and Kaspersky, who both linked the WannaCry virus to the Lazarus collective.

Symantec and Kaspersky both said they had discovered that some of the code used to build WannaCry had appeared in past viruses linked to the Lazarus group.

Separately, a North Korean computer professor who defected from the isolated country has said that the RGB was responsible for a spate of global cyber-attacks, including the WannaCry outbreak.

Kim Heung-kwang said WannaCry and a range of other viruses may have been built by Unit 180, a secretive RGB cell.

“Unit 180 is engaged in hacking financial institutions [by] breaching and withdrawing money out of bank accounts. The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace,” Kim said.