British intelligence claims North Korea is behind WannaCry, though doubts persist

WannaCry is estimated to have extracted US$126,000 in Bitcoin from victims. (Source: Gillian Hann/Twitter)

US and British intelligence services believe that they tracked the WannaCry ransomware to North Korea via attributing it to the Lazarus Group, who hacked Sony Pictures in 2014 preceding the release of the comedy film "The Interview".

Douglas Black, Published 06/19/2017

The malware dubbed "WannaCry" gained notoriety when, last month, it infected over 300,000 PCs around the world. Like other ransomware, WannaCry would infect a computer, encrypt the user's files, and then demand US$300 in Bitcoin for the decryption key. The cybersecurity department of British intelligence has reported that the recent WannaCry ransomware attack was the work of The Lazarus Group — also linked to the 2014 hack of Sony Pictures, which was allegedly in response to a comedy film about North Korea.

Intelligence services, including the NSA, point to Chinese IP addresses that have been used previously by North Korea's intelligence agency. China has denied involvement in the attacks, pointing to the damage caused to their own networks. The hackers, however, are fluent in Chinese, but this does not mean that they are Chinese. North Korea and China have enjoyed a very close relationship since the birth of the communist state, and many North Koreans learn Chinese for political or business reasons.

Pinning a cyberattack on any country with 100 percent certainty is nearly impossible due to the digital nature of the internet and the crime, so the accusation of North Korea hinges on the affiliation of the Lazarus Group to the secretive country. A number of experts from the FBI, cyber security firms, and researchers still express doubt that North Korea is behind the Lazarus Group.