The United States has fingered North Korea as the culprits behind the devastating WannaCry cyber-attack that was unleashed in May, infecting more than 300,000 computers across 150 countries and causing billions of dollars’ worth of damages.
“The [WannaCry] attack was widespread and cost billions, and North Korea is directly responsible,” Trump’s homeland security adviser, Thomas P. Bossert, wrote in an op-ed in the Wall Street Journal on Monday. “We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either.”
“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious,” Bossert wrote. “WannaCry was indiscriminately reckless.”
Another U.S. official tells the Washington Post that, on Tuesday morning, the White House plans to call on “all responsible states” (i.e. United Nations member states) to keep North Korea from ever conducting cyberattacks on such a massive scale.
The consensus among security researchers is that WannaCry was indeed a state-sponsored attack.
WannaCry, the most powerful ransomware attack deployed to date, encrypted the data on infected systems and demanded a ransom be paid to its authors in the form of cryptocurrency (i.e. Bitcoin).
Leveraging an NSA-developed exploit and a vulnerability in outdated Windows OS installations, WannaCry held hostage more than 300,000 computers worldwide, many owned by hospitals, banks and telecommunication companies, causing billions of dollars in damages to these organizations.
In 2014, the Obama administration blamed North Korea for hacking Sony Pictures and leaking internal documents, private emails and personal information of 47,000 employees.
North Korea has historically denied cyber-attacks involving other nations, calling these accusations “smear campaigns” aimed at defaming its regime.
As the US government prepares an official statement squarely blaming North Korea for the WannaCry cyber-extortion scheme, Pyongyang is undoubtedly preparing its own response, likely denying any involvement in the attack.
This is a Security Bloggers Network syndicated blog post authored by Filip Truta. Read the original post at: HOTforSecurity