Expert finds more North Korea links in ransomware attack

Cybersecurity experts are pointing to circumstantial evidence that North Korea may be behind the global "ransomware" attack: the way the hackers took hostage computers and servers across the world was similar to previous cyberattacks attributed to North Korea.

Those who do shouldn't expect a quick response - or any response at all. As a result, ransom notes were displayed on movie screens in 30 branches nationwide promising to decrypt the infected computer files after a payment. After their software encrypts your computer, rendering your files inaccessible, some hackers have taken to providing step-by-step instructions to clear things up. In part driven by the severity of the attack, the world's most sensitive networks have adapted and new instances of the attack slowed over the weekend and into Monday.

Wilson, who used to work at the Federal Bureau of Investigation, where he set up a taskforce to investigate the use of virtual currencies, did not disclose all the ways that Elliptic and law enforcement agencies find criminals using bitcoin. Victims who don't pay will have their files erased after seven days.

So is there any way to restore your system back to normal?

"I believe that this was spread for the goal of causing as much damage as possible", Matthew Hickey, a co-founder of British cyber consulting firm Hacker House, told Reuters.

Victims are merely told to send payment to one of three bitcoin wallets and then wait for a decryption key, said Maya Horowitz, threat intelligence group manager at security firm Check Point.

The hackers behind the massive WannaCry cyberattack have succeeded in extracting some ransom payments from people locked out of their computers. Below, the handy Twitter account Ransom Tracker by Google engineer Michele Spagnuolo collates this into a single, easy-to-follow total in US dollars. "The best time to try again is Monday to Friday 9 am to 11 am," Horowitz said. A 2016 Fortinet report on ransomware states that one in four organisations that paid ransom lost their money and never recovered their data.

"When you demand a ransom, you have to get that money back". So far, F-Secure hasn't provided more details. But the inefficiency of the payment model makes Hickey wonder whether the hackers were really after money.

"If it was done for money, it wasn't the smartest way to get it", he said.

People have paid out "only" $50,000 worth of bitcoin. For a malicious program that's infected more than 300,000 machines, even a low ransom could have resulted in a huge payoff. Bitcoin, however, is a transparent public ledger and so for the first time, the world can track these payments online, even when the attackers move these Bitcoins.

It's still unclear who created WannaCry, whether amateurs or skilled hackers. Security professionals have warned against a second attack wave, as new versions of the ransomware were detected lacking the "kill switch".

Hunt noted that one way out of the issue is to rebuild the machines that are infected. "What's interesting about this ransomware is that unless you had something like bitcoin - a way to profit from it without it being traced - this ransomware stuff would be hard to do".

On Sunday Microsoft President and Chief Legal Officer Brad Smith confirmed the WannaCrypt software used in the attack was an adaptation of the EternalBlue worm developed by the National Security Agency, which was ultimately leaked to WikiLeaks and published in their Vault 7 series earlier this year. While Microsoft released a security update to all supported devices in March, the ones that were running on unsupported versions of Windows missed out on that to become WannaCry's targets.
