Tuesday, 16 May 2017

'Strong evidence' North Korea-linked group was behind NHS cyberattack

There is "strong" evidence to suggest a North Korea-linked group was behind last week's global cyberattack, security experts say.
Simon Choi, director of South Korean anti-virus firm Hauri, said the code used in the attack shared many similarities with previous hacks attributed to North Korea-linked Lazarus Group.

The same collective is believed to have been behind the 2014 hack of Sony Pictures and is also suspected of previous attacks on the global financial system.

Mr Choi said: "I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies."

He added that since 2013, hackers aligned to Pyongyang have been using malicious software to extort Bitcoin - the online currency demanded in last week's WannaCry cyberattack.

Israel-based security firm Intezer Labs said there were "clear code connections" between Lazarus and WannaCry, adding that the evidence "strongly suggests that these hacking tools were written or modified by the same author".

Symantec and Kaspersky are investigating whether hackers from Lazarus Group were responsible for infecting an estimated 300,000 machines in 150 countries.

Their enquiries came as the White House said that paying ransom money to unlock files encrypted by the global cyberattack does not work.

Homeland security adviser Tom Bossert told reporters he is not aware of a case where transferring $300 (£232) in Bitcoin - the amount demanded from victims of last week's attack - has "led to any data recovery".

President Trump's administration estimates that less than $70,000 (£54,285) has been paid to the criminals behind the ransomware so far.

During a White House briefing, Mr Bossert said no federal systems in the US had been affected by the malicious software.
He added that his British counterparts said they now had a "feeling of control" after the attack struck 47 NHS organisations.

Russia has denied it had anything to do with what Europol called the "largest ransomware attack observed in history", and President Vladimir Putin described it as payback for the US intelligence services.

His remarks came after Microsoft's chief legal officer said the US National Security Agency had developed the original code used in the attack, which was later leaked in a document dump.

Sky News.