British intelligence claims North Korea is behind WannaCry, though doubts persist
The malware dubbed "WannaCry" gained notoriety when, last month, it infected over 300,000 PCs around the world. Like other ransomware, WannaCry would infect a computer, encrypt the user's files, and then demand US$300 in Bitcoin for the decryption key. The cybersecurity department of British intelligence has reported that the recent WannaCry ransomware attack was the work of The Lazarus Group — also linked to the 2014 hack of Sony Pictures, which was allegedly in response to a comedy film about North Korea.
Intelligence services, including the NSA, point to Chinese IP addresses that have been used previously by North Korea's intelligence agency. China has denied involvement in the attacks, pointing to the damage caused to their own networks. The hackers, however, are fluent in Chinese, but this does not mean that they are Chinese. North Korea and China have enjoyed a very close relationship since the birth of the communist state, and many North Koreans learn Chinese for political or business reasons.
Pinning a cyberattack on any country with 100 percent certainty is nearly impossible due to the digital nature of the internet and the crime, so the accusation of North Korea hinges on the affiliation of the Lazarus Group to the secretive country. A number of experts from the FBI, cyber security firms, and researchers still express doubt that North Korea is behind the Lazarus Group.