WannaCry ransomware attack possibly linked to North Korea

The ransomware assault that held hundreds of computer systems hostage late final week may be linked to a hacker group with ties to North Korea, researchers have discovered. 

On Monday, Google safety researcher Neel Mehta posted a cryptic set of characters on Twitter along with the hashtag #WannaCryptAttribution. Kaspersky Lab researchers then explained that Mehta has posted two comparable code samples, one from an early model of WannaCry, and one originating from Lazarus, a hacker group which probably originates from North Korea. 

According to Ars Technica, what Mehta has discovered is proof that a February variant of WannaCry shares code with the 2015 model of Cantopee, a backdoor utilized by Lazarus Group. Moreover, the truth that WannaCry's code accommodates a kill switch — a method to cease the malware from spreading — signifies that whoever is behind the assault isn't (purely) financially motivated. 

It is potential that somebody is impersonating the group, although Kaspersky claims that is "unbelievable."

Kaspersky took an excellent look into the Lazarus Group's actions and posted its findings in April 2017. The group seems to be extremely refined and really lively; in a blog post, Kaspersky referred to as the size of the group's operation "surprising." 

The proof tying Lazarus to North Korea, nevertheless, is slim, and consists of some traces of group's exercise originating from the nation, in addition to an inventory of targets that features Sony Footage (keep in mind The Interview?) and South Korea. 

Nothing is for certain at this level, and extra analysis will probably be wanted earlier than WannaCry's makers are unmasked. Kaspersky does, nevertheless, declare that "Neel Mehta’s discovery is probably the most vital clue thus far relating to the origins of Wannacry."