+ A

WannaCry may have come from North Korea, Putin says it’s American

May 16,2017
The malware strain called WannaCry, which holds users’ computers hostage until they pay money, continues to spread around the world – and some see signs that it originated in North Korea.

WannaCry has spread to over 150 countries and 300,000 machines and the damage reported in Asia is growing at a faster rate than in Western countries, where attacks began.

In China, nearly 40,000 organizations, including about 4,000 educational institutions, have been hit. Prestigious Chinese colleges including Tsinghua and Peking Universities were attacked. State-run oil firm PetroChina was also hit, which disrupted electronic payments at many gas stations across China.

The state-run Korea Internet and Security Agency said a total of 14 suspected cases were reported in Korea and 11 were confirmed as of 2 p.m. Tuesday. These are all the cases reported to the agency since Friday. As of 8 a.m., the agency received 3,432 phone calls from people wondering if their computers had been attacked by the malware, which in other countries has been demanding ransoms paid in Bitcoin.

The virus encrypts a computer’s files and will only decrypt them in return for a payment, typically via Bitcoin, an online currency.

Some experts believe North Korea was behind the cyberattack. The Guardian newspaper reported that Kaspersky and Symantec, top security firms, have found evidence linking the WannaCry malware to North Korean backed Lazarus Group, which attacked Sony Pictures in 2014 and Bangladeshi Bank in 2016.

Israeli-based IT firm Intezer Labs also argued that North Korea was behind the attacks.

“We were able to find strong links to other malware families, believed to be developed by North Korean hackers, or known to be used in attacks against South Korean organizations,” said Intezer Labs in a report released Monday. “It is highly probable that WannaCry ransomware was written or used by North Korean cyber attackers.”

With rising concerns that Pyongyang might be behind of cyberattacks, Korea’s Defense Ministry raised its security level. Local media outlets Tuesday reported that the defense ministry raised its Information Operations Condition, a threat level system to defend against a computer network attack, from level 4 to level 3. There are a total of 5 levels.

However, not everyone agrees that the North is behind the attacks.

Dave Lee, a technology reporter at BBC News, said Tuesday China was among the countries worst hit and that it seems unlikely North Korea would want to target its biggest ally. He argued that North Korea wasn’t able to achieve any political goal or get a lot of money from the attacks.

“Despite appearing to be criminal activity intended to earn money, it appears that less than $70,000 has been paid in ransoms, and we are not aware of payments that led to any data recovery,” said Tom Bossert, the U.S. Homeland Security adviser in a press briefing held at White House on Monday, local time.

Some believe the United States is actually responsible for the cyberattack.

Russian president Vladimir Putin blamed the U.S. intelligence services for the WannaCry incident.

“Microsoft said it directly: the initial source of this virus is the United States security agencies,” he said in Beijing on Monday. “Russia’s got absolutely nothing to do with it.”

BY KIM YOUNG-NAM [kim.youngnam@joongang.co.kr]