Just when we thought WannaCry is dead, done and dusted, Microsoft President Brad Smith has accused North Korea of carrying out the cyberattack. Earlier this year in June, a researcher at Google said that the attack was carried out by North Korea’s Lazarus Group to which Kaspersky Lab agreed. WannaCry took control of over 200,000 computers in 150 countries and demanded ransom between $300 and $600 in Bitcoin for their encrypted files.
Microsoft President believes that the Pyongyang used “cyber tools or weapons stolen from the NSA”. According to a report on rt.com, Smith told ITV that he believed “with great confidence” that North Korea was behind the WannaCry cyberattack.
Elaborating more on the situation, Smith said, “I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States.” In the past six months, we have seen many such threats coming to life. “We need governments to come together as they did in Geneva in 1949 and adopt a new digital Geneva Convention that makes clear that these cyber-attacks against civilians, especially in times of peace, are off-limits and a violation of international law,” Smith added.
There have been random speculations that North Korea might have played a significant role in the WannaCry ransomware attack. Britain’s National Cyber Security Centre (NCSC) has also pointed out that the Lazarus Group from North Korea was behind the WannaCry attack. The Lazarus Group is believed to be operating from North Korea and has so far caused three major attacks in the world. The first one being the South Korean government in Seoul, followed by the attack on Sony Pictures and the attack on the Bangladesh Bank in 2016.
India was also among the many countries that were affected by the ransomware attack, but it was limited to just a handful of states including Andhra Pradesh, Gujarat, Kerala, West Bengal and Delhi. Microsoft had immediately issued a security patch for its unsupported systems, Windows XP, 8 and Server 2003 following the attack.
When WannaCry first appeared in early May, it spread rapidly, affecting hundreds of computers worldwide in less than a day. The ransomware started encrypting the hard drives and asking for a ransom of $300 in Bitcoin to decrypt it. It moved quickly through corporate networks via EternalBlue, first discovered by the NSA before being stolen by an allegedly Russian-hacking group called the Shadow Brokers. For those who don’t know, EternalBlue is the name given to a software vulnerability in Microsoft’s Windows operating system.