North Korean Hackers Charged in WannaCry Ransomware & $1.3 Billion Cybercrime Spree

Three North Korean Hackers Indicted in US Federal Court

The United States Justice Department has lodged charges in federal court against three North Korean nationals in a massive nation-state cybercrime operation. The North Korean hackers are suspected of being part of the origination team for the legendary WannaCry ransomware as well as actors in an extensive array of cybercrimes including cryptocurrency scams and cyberattacks that impacted scores of organizations including Sony Pictures, Britain’s Nation Health Service (NHS), and banks on three continents.

Don’t let ransomware take your business hostage!

Get the eBook Ransomware 101>>

See our list of 10 things you need to know about ransomware!>>

Officials allege that starting in 2014, the suspects worked as nation-state hackers and began their cybercrime operations as part of a North Korean response to the release of a Sony Pictures film disparaging that country’s leader. Those operations included: 

  • Creating and distributing several strains of malware including three variations of WannaCry ransomware its associated arts including WannaCrypt, Wana Decrypt0r 2.0, WanaCrypt0r 2.0 and Wanna Decryptor.  
  • WannaCry and its variants are estimated to have infected about 200,000 computers across 150 countries that used Windows XP and Windows 7. 
  • Organizations impacted by that malware include NHS, FedEx, Boeing, Honda, Nissan and hundreds more. 
  • WannaCry ransomware was also used in attacks against world governments including targets in India, Russia, Ukraine and Taiwan. 
  • The gang demanded payment in cryptocurrency and is estimated to have taken in $130,634.77 (51.62396539 XBT) in just its first round of attack in 2017. 
  • Officials allege that this group is behind repeated spear-phishing campaigns from 2016 through early 2020 that targeted employees of the US Defense Department, the State Department, and workers at U.S.-cleared defense contractors, energy firms, aerospace companies and tech firms. 
  • The suspects have also been charged in other schemes including electronic bank heists, money laundering, cryptocurrency scams and more hacking-related offenses.

Insider threats include phishing. Explore cybercriminal tricks to stop phishing with our new book represented by a light blue comic panel of a phishing hook and old-fashioned comic book style in light blue on dark blue with facts about cybersecurity in 2020

Learn the Secret of How Cybercriminals Trick You Into Falling for Phishing Messages!

Read Phish Files Now>>

Ransomware has been a constant menace to cybersecurity professionals as it has evolved and grown. Worldwide, ransomware attacks grew by nearly 150 percent in 2020, including more than 40 percent in Q3 2020 alone. It’s not a problem that is going away anytime soon either. It’s just too profitable. Ransomware-related cybercrime costs expected to exceed $20 billion this year, with a new ransomware attack launched every 11 seconds. 

It’s also the preferred weapon of nation-state cybercriminals. More than 40 percent of nation-state cyberattacks consist of a phishing email that’s laced with ransomware. Attacks by nation-state actors aren’t just a government problem. Over 90% of security alerts released by Microsoft about nation-state cyberattacks in 2020 warned of danger against non-governmental or infrastructure targets. Businesses and organizations in diverse industries are in their sights, with technology companies leading the pack as the targets of 60 percent of nation-state cyberattacks.  

 Protecting your systems and data from ransomware starts with protecting your company from phishing with BullPhish ID and Graphus. This power pair of solutions is exactly what you need to get the job done.

BullPhish ID

Security awareness training can stop up to 70 percent of cyberattacks from impacting your business. 

The newly updated and upgraded BullPhish ID is the ideal solution for improved security awareness training for organizations of any size. Our fresh release includes over 80 plug-and-play complete phishing campaign kits and training videos in 8 languages with content that covers today’s social engineering and spear phishing challenges as well as traditional phishing. New features include user-friendly training portals that make everyone’s experience better, expanded personalization options for campaign materials and new reporting features that help trainers and businesses measure the effectiveness of their training efforts.  


Over 40 percent of the phishing emails sent in a 2020 test weren’t caught by traditional email security.

Graphus is the second part of this winning combination, featuring automated phishing protection that puts three layers of AI-powered security between phishing email and your employees. Graphus provides strong protection immediately. Plus, Graphus is smart, so it keeps to learning your company’s communication patterns as your business evolves to provide constant protection that’s tailored to your business. It also doesn’t need fussy updates or have to wait for traditional threat intelligence to start protecting you from new threats unlike a Secure Email Gateway (SEG).

By combining these two solutions, you’ll be putting taking great strides toward improving your entire cybersecurity posture. Contact the experts at ID Agent and Graphus today to get started!

get cyber resilient to avoid healthcare ransomware attacks

Don’t let cyberattacks put the brakes on your business. Stay agile and keep your engine running under any conditions. Start your journey on The Road to Cyber Resilience now! DOWNLOAD THIS PACKAGE>>

ID Agent can help reduce all risks including IoT Cybersecurity risk & healthcare ransomware attacks

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


See our innovative, cost-effective digital risk protection solutions in action.


Contact us for an expert analysis of your company security needs and a report on your Dark Web exposure!


*** This is a Security Bloggers Network syndicated blog from Blog – ID Agent authored by Matt Solomon. Read the original post at: