
‘WannaCry’ Ransomware Contains Traces of North Korean Code

For all the damage the “WannaCry” ransomware has done, there’s still one looming, unanswered question: who’s behind it? At last, there might be a clue. Google researcher Neel Mehta has noticed that an early version of WannaCry’s code shares similarities with a February 2015 sample from the Lazarus Group, a North Korea-linked outfit blamed for both the Sony Pictures hack and the Bangladesh Bank heist. The code changed between then and now, but it at least raises the possibility that North Korea was involved.

There is a chance that someone borrowed the code, whether out of convenience or as an attempt to throw investigators off the scent. However, experts at Kaspersky argue that a deliberate plant is “improbable” given that the similar code was removed later on. And besides, the presence of kill switches in both original and modified versions of WannaCry supports the notion that these are state-sponsored hackers. As FOX-IT’s Maarten van Danzig explains to Ars Technica, run-of-the-mill criminals rarely include failsafe measures like this — why would they want to stop the money from pouring in? Moreover, the malware doesn’t even bother to automatically check whether or not victims have paid up. If profit was really the motive, the code was exceptionally sloppy.

Source: Engadget

 
