The effects of the massive ransomware attacks are still being felt globally. WannaCry or WannaCrypt ransomware that attacked computers in 150 countries may have been carried out by hackers with North Korea links.
This revelation was made by an Indian-origin security researcher from Google, Neel Mehta, who found similarities in the WannaCry ransomware with an earlier code used by the Lazarus Group with ties to North Korea.
The group was behind the Sony Pictures hack in 2014 and had also stolen millions of dollars from a Bangladeshi bank in 2016.
The findings by Mehta later were also confirmed by other researchers who found that the early versions of the WannaCrypt were shared with malware tools that were once used by Lazarus.
The lines of code found in several systems were very "familiar" many experts observed. Till now the "ransomware" has infected more than 300,000 machines since May 12.
Shared code between an early, Feb 2017 Wannacry cryptor and a Lazarus group backdoor from 2015 found by @neelmehta from Google. pic.twitter.com/hmRhCSusbR
— Costin Raiu (@craiu) May 15, 2017Symantec and Kaspersky Lab also later confirmed that an earlier version of the WannaCry software contained codes used by the Lazarus Group. “At this time, all we have is a temporal link,” Eric Chien, an investigator at Symantec, told the New York Times.
“ We want to see more coding similarities to give us more confidence.’’
It is said that the Lazarus hackers worked for cash-strapped North Korea and been brazen in their attempts to pursue financial gains. The group had carried out the attacks on Sony Pictures Entertainment - in retaliation for the comedy film “The Interview.”
" This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky Lab researcher Kurt Baumgartner told Reuters.