The U.S. government publicly blamed North Korea for the devastating “WannaCry” ransomware attack that affected more than 150 countries earlier this year. Homeland Security Advisor Tom Bossert attributed the attack to the secluded nation on Monday evening in a Wall Street Journal op-ed and gave a public briefing Tuesday morning.
In May this year, a crippling ransomware attack spread rapidly throughout the world, infecting tens of thousands of computers and taking down critical systems in hospitals, schools, and businesses. Some of the hardest hit victims included hospitals in the U.K., FedEx, and Spanish Telecom giant Telefónica.
The cyber attack was made possible by a vulnerability in outdated versions of Microsoft Windows that was first discovered by the National Security Agency (NSA) then posted publicly online by hackers. The attack was eventually slowed by “MalwareTech,” a 22-year-old “accidental hero” who stumbled upon the code’s kill switch.
Here is a video showing a machine on the left infected with MS17-010 worm, spreading WCry ransomware to machine on the right in real time. pic.twitter.com/cOIC06Wygf
— hackerfantastic.x (@hackerfantastic) May 13, 2017
For those who aren’t familiar, ransomware is a type of malware that infects a computer and locks users out of their files. Typically, the only way for a user to regain control is to pay a ransom fee. In the case of WannaCry, victims were demanded to pay in Bitcoin, a decentralized, unregulated form of digital money that uses cryptography techniques to ensure secure transactions and control the creation of new units.
After it was determined the hackers weren’t unlocking computers after receiving payment, most infected individuals and companies chose not to pay the ransom. Because of its unconventional decision to keep devices locked, the hackers received very little money considering the attack’s wide reach. Well-known security researcher Brian Krebs estimated in May that only $26,000 had been stolen while the New York Times reported a slightly higher figure. Bossert didn’t give an exact number when asked how much money the North Korean hackers received, but said: “I don’t think they got a lot of it.”
Bossert said he doesn’t believe North Korea intended to raise money for any specific cause. Rather, the WannaCry attack was ordered by Kim Jong-un to wreak havoc and cause destruction.
“We do not make this allegation lightly. It is based on evidence,” Bossert wrote. “We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”
While few specifics were offered on how the White House determined the attacks came from North Korea, Bossert said the U.S. discovered that intermediaries were acting on behalf of Pyongyang while working out of other countries and that these accomplices had done so before. The U.S. is expected to ask “all responsible states” to stop North Korea from conducting cyber attacks and to implement all “relevant” United Nations Security Council sanctions, sources tell the Washington Post.
“North Korea has done everything wrong as an actor on the global stage that a country can do and President Trump has used every lever you can use short of starving the people of North Korea to death to change their behavior,” Bossert said in Tuesday’s press conference. “So we don’t have a lot of room left to apply pressure to change their behavior. It’s nevertheless important to call them out and let them know that it’s them and we know it’s them. I think at this point, some of the benefits that come from this attribution is letting them know that we’re going to move to stop their behavior.”
The Department of Homeland Security called on the private sector to work closely with the government by reporting more attacks and providing technical information about their vulnerabilities. Facebook and Microsoft were both praised by the DHS for acting on their own to patch existing vulnerabilities and helping trace attacks to North Korea. Bossert says just last week Microsoft and Facebook disrupted North Korean cyber exploits as they were trying to infect systems.
The U.K.’s foreign minister Nazir Ahmed also linked the attacks to North Korea on Tuesday, though British Security Minister Ben Wallace had already attributed the attack to the country in October.
“We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyberspace,” Lord Ahmed said, according to the Guardian. “The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions.”