Cybersecurity researchers at Symantec Corp. and FireEye Inc. have uncovered more evidence tying this month's WannaCry global ransomware attacks to North Korea.
The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday. FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea. "The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators," Ben Read, a FireEye analyst, said in an emailed statement.
[...] The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical."
Here's a screenshot [wikipedia.org] of Wana Decrypt0r 2.0. Note the Wikipedia licensing section.
Previously: Security In 2017: Ransomware Will Remain King [soylentnews.org]
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS [soylentnews.org]
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated] [soylentnews.org]
Decryption Utility for WannaCry is Released [soylentnews.org]