If you have been watching the news since Friday of last week, you may have heard of the WannaCry ransomware, which has affected over 300,000 computers in 150 countries to date. Just yesterday it was revealed that victims may have paid about $70,000 to the attackers so far, which may be a victory for them but is still a far cry from the $90m they expect to have at least recovered from victims so far. Now that the worst of that storm may be over, it’s definitely time for the blame game. But where do you start? Speaking from a law enforcement point of view, the questions would be:
- Who could be responsible?
- Who might have such a tool to pull this off?
- What might their motive be?
So let’s begin with the first one, which is also broad and will continue to evolve in the days ahead. Analysts think they may have narrowed it down to North Korea and maybe a few other rogue states. North Korea has been accused of being behind the hacking group called Lazarus, which in turn was accused of being behind attacks like the one on Sony in 2014. The group is accused of engaging in one of the biggest bank heists in the world, and Russian security firm Kaspersky says the group has attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay, with $81m missing from the Central Bank of Bangladesh last year alone. Security companies like Symantec and Kaspersky, and researchers at Google, who have all examined the WannaCry code, have seen signs pointing to Lazarus. Although they haven’t definitively confirmed this, early results show that it’s likely that North Korea was responsible.
So now we know that it could potentially be North Korea. The second question is whether they possess the tools. The fact that they are a state (hermit or not) with a track record makes it well known that they have such capabilities. While their neighbor South Korea saw some of its computers affected by WannaCry, North Korea is not very connected to the rest of the world’s internet, so you can understand why they might not be affected like others. But we know that they hacked Sony and financial institutions globally, so yes, they have the tools to carry this out. But why would they be interested?
The key point on why they could have done this is “Money”. They are under heavy international sanctions but still need to show the rest of the world that they can fund their nuclear program. Even China isn’t happy with North Korea these days, which could also mean that their main source of income is in danger, and so there’s only one way left: illegal means such as ransomware and bank heists. The other reason North Korea could have done this is to show their digital might along with their military arsenal. North Korea is never shy of showing us the weapons they have, and this might just be that.
Whatever the reason, you don’t have to wait till it happens to you. Update Windows today to stay safe, and please stay away from links in emails and online that could infect your computer with malware.