SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    WannaCry Ransomware Attack Linked to North Korea by Symantec
Date    Tuesday May 23 2017, @11:34PM
Author   
Topic   
from the dear-leader-wrote-it-himself-20-years-ago dept.
https://soylentnews.org/article.pl?sid=17/05/23/1935250

takyon writes:

Symantec and FireEye have linked the recent WannaCry ransomware attacks to North Korea:

Cybersecurity researchers at Symantec Corp. and FireEye Inc. have uncovered more evidence tying this month's WannaCry global ransomware attacks to North Korea.

The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday. FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea. "The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators," Ben Read, a FireEye analyst, said in an emailed statement.

[...] The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical."

Also at NYT, Reuters, Ars Technica, and The Hill. Symantec blog (appears scriptwalled).

Here's a screenshot of Wana Decrypt0r 2.0. Note the Wikipedia licensing section.

Previously: Security In 2017: Ransomware Will Remain King
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]
Decryption Utility for WannaCry is Released


Original Submission

Links

  1. "takyon" - https://soylentnews.org/~takyon/
  2. "Symantec and FireEye have linked" - https://www.bloomberg.com/news/articles/2017-05-23/cybersleuths-unearth-more-clues-linking-wannacry-to-north-korea
  3. "WannaCry" - https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
  4. "NYT" - https://www.nytimes.com/2017/05/22/technology/north-korea-ransomware-attack.html
  5. "Reuters" - https://www.reuters.com/article/us-cyber-attack-northkorea-idUSKBN18I2SH
  6. "Ars Technica" - https://arstechnica.com/security/2017/05/theres-new-evidence-tying-wcry-ransomware-worm-to-prolific-hacking-group/
  7. "The Hill" - http://thehill.com/policy/cybersecurity/334658-symantec-increasingly-confident-wanna-cry-linked-to-north-korea
  8. "Symantec blog" - https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group
  9. "a screenshot" - https://en.wikipedia.org/wiki/File:Wana_Decrypt0r_screenshot.png
  10. "Security In 2017: Ransomware Will Remain King" - https://soylentnews.org/article.pl?sid=16/12/14/0034220
  11. ""Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS" - https://soylentnews.org/article.pl?sid=17/05/13/116235
  12. "WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]" - https://soylentnews.org/article.pl?sid=17/05/14/2025223
  13. "Decryption Utility for WannaCry is Released" - https://soylentnews.org/article.pl?sid=17/05/19/0134200
  14. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=20371

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, WannaCry Ransomware Attack Linked to North Korea by Symantec on 2024-03-29 08:16:36