Britain Says North Korea Was Likely Behind WannaCry Attack That Hit Hospitals

Oct 27, 2017
Originally published on October 27, 2017 12:09 pm

The WannaCry ransomware attack that crippled Britain's National Health Service and hit thousands of computers around the world in May was almost certainly carried out by North Korea, says U.K. Minister of State for Security Ben Wallace.

The British government is "as sure as possible" that Kim Jong Un's pariah state launched the attack, Wallace told BBC Radio 4.

"This attack, we believe quite strongly that it came from a foreign state," Wallace said. "It is widely believed in the community and across a number of countries that North Korea [took on] this role."

Wallace's remarks come two weeks after Microsoft President Brad Smith also blamed the North Korean regime.

"I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States," Smith said.

As we reported in May, "The WannaCry software has locked thousands of computers in more than 150 countries. Users are confronted with a screen demanding a $300 payment to restore their files."

Within days of the attack, fingers began to point at North Korea, which has sought to find ways to import currency in the face of international sanctions. Computer security experts noted that the ransomware had lines of code that are identical to work by hackers known as the Lazarus Group, which has been linked to North Korea.

In addition to naming North Korea, Microsoft's Smith has criticized U.S. agencies for "stockpiling" computer system vulnerabilities, saying that hacking methods that governments collect are increasingly falling into the hands of criminals.

Smith seemed to confirm the version of events laid out in our report in May:

"The malware behind WannaCry (also called WannaCrypt, Wana Decryptor or WCry) was reported to have been stolen from the NSA in April. And while Microsoft said it had already released a security update to patch the vulnerability one month earlier, the sequence of events fed speculation that the NSA hadn't told the U.S. tech giant about the security risk until after it had been stolen."

Copyright 2017 NPR. To see more, visit http://www.npr.org/.