kaptn - Fotolia

UK government blames North Korea for WannaCry cyber attack

The UK and US governments say a North Korean group was responsible for the ransomware attacks that hit the NHS and other organisations globally this year

The UK government has publicly blamed a North Korean group for the WannaCry ransomware attack that hit the NHS earlier this year.

The Foreign Office said it is “highly likely” that the North Korea-based Lazarus Group was behind the attack.

In May, WannaCry hit 300,000 computers in 150 countries, including 48 NHS trusts. It caused some UK hospitals to divert emergency patients and doctors reported receiving messages demanding ransom payment.

“The decision to publicly attribute this incident sends a clear message that the UK and its allies will not tolerate malicious cyber activity,” said the government.

Foreign Office minister for cyber Tariq Mahmood Ahmad said: “We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyber space. The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions.”

Ahmad said the UK is determined to identify, pursue and respond to malicious cyber activity and is “committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyber space”.

Following the attack, Symantec said tools and infrastructure used in WannaCry had strong links to Lazarus, which was previously responsible for attacks on Sony Pictures Entertainment and the Bangladesh Central Bank.

Read more about WannaCry

  • The National Crime Agency believes the recent WannaCry attacks represent a “signal moment” in terms of awareness of cyber attacks and their real-world impact.
  • Computers running Windows 7 accounted for the biggest proportion of machines infected with the WannaCry ransomware, while NHS suppliers are blamed for hampering patching by NHS trusts.
  • Security advisers are urging organisations to patch their Windows systems to avert a possible second wave of an unprecedented, indiscriminate ransomware attack.
  • A failure by many organisations to take cyber security seriously has long been blamed on the lack of a single significant event to shake things up.

The US administration has also laid the blame for WannaCry at North Korea’s door. In a press conference, Tom Bossert, homeland security adviser to the White House, did not give evidence to support the attribution but said the US is confident that the WannaCry attacks, which spread ransomware to enterprises across the globe, were directed by the North Korean government.

Dmitri Alperovitch, CTO and co-founder of CrowdStrike, said identifying the source of cyber attacks is an important step in improving defences and raising public awareness.

“The announcement by the US government of its official public attribution of the WannaCry attack to the North Korean regime is another step in establishing the importance for regularly attributing significant attacks to nation states and criminal groups,” he said. “It also raises public awareness about North Korea’s growing offensive cyber capabilities.”

Read more on Hackers and cybercrime prevention

Data Center
Data Management