Could Lazarus hackers be behind WannaCry attack?

After the storm of WannaCry or Wana Crypt0r has slightly subsided, cyber security specialists have more time to investigate the origins and the identity of the culprit. Thus, research of the programming code of the malware revealed astonishing results: evidence shows that notorious group of hackers, known as Lazarus, which is associated with North Korea, might be involved in the massive chaos caused by the malware May 12-May 14. IT experts came to such conclusion after detecting similarities of the malware code with the one which caused the hack of Sony in 2014[1].

Such theory might be more credible regarding the fact that one of the first original versions of WannaCry was found not so far from the Korean peninsula – Malaysia[2]. Though there was already a predecessor of the virus released in February this year, it failed to inflict any significant damage on the cyber space. However, everything drastically changed when a gang of hackers by the name of Shadow Brokers stole a “tool” from National Security Agency in March 2017. It was developed on the basis of Eternal Blue vulnerability which allowed secret access to a device running Windows OS. Since the virus is the hybrid of a computer worm and ransomware, it resulted in an instant spread throughout the world. More than 150 countries and 200 000 devices have been affected. By the end of the weekend, a Twitter user, MalwareTech, found a crucial vulnerability to terminate the spread of WannaCry. Current discovery gives a valuable insight about the possible culprit of WannaCry

It bought time for IT experts to come up with counterstrategy. Therefore, another security specialist named Neel Mehta published extracts[3] of the code which reveal a striking resemblance to the code related to the attack on banks launched by Lazarus in 2015. The group earned notorious fame after launching Operation Troy which lasted from 2009 to 2014[4]. Lazarus struck once again in 2014 when it hacked Sony corporation. Though the gang specializes in DDoS attacks, the current discoveries suggest that Lazarus is capable of drafting powerful ransomware as well. Currently, the ransomware succeeded in earning only $50 000[5]. Even though there is no decryption tool released yet, the virtual community is encouraged not to pay the ransom. IT experts expect more exquisite variations to come though current versions lack sophistication. They seem to be modified by other cyber felons other than the authors. On the final note, in order to reduce the probability of WannaCry hijack, Windows OS users should check whether their systems are updated to the latest version.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions