Trump administration says North Korea 'directly responsible' for WannaCry

By Jessica Davis
10:34 AM
Share
The global ransomworm attack crippled over 300,000 devices in more than 150 countries in May, including 16 branches of the U.K. National Health Service.
WannaCry ransomware

North Korea was directly responsible for the WannaCry ransomworm that infected over 300,000 devices in more than 150 countries in May, the Trump administration’s Homeland Security Adviser Tom Bossert announced Monday night in a Wall Street Journal blog post.

“The attack was widespread and cost billions, and North Korea is directly responsible,” Bossert wrote. “We do not make this allegation lightly. It is based on evidence.”

“We are not alone with our findings, either,” he continued. “Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”

[Also: Kaspersky controversy: U.S. intelligence heads warn not to trust Russian security company; KGB-trained CEO stands by record]

Security firms Symantec, BAE Systems and Kaspersky Labs discovered a connection between the virus and the Lazarus Group in May, while Google Security researcher Neel Mehta was first to announce the tie. The hacking group is based in North Korea.

In June, the National Security Agency announced they had also uncovered ties between North Korea and WannaCry. The British government linked the two in October, and the CIA issued a similar statement in the following weeks.

[Also: NSA uncovers ties between North Korea and WannaCry attacks]

This is the first public statement from the U.S. directly linking North Korea to the cyberattack.

WannaCry hit computers around the world on May 12, including many in the healthcare sector. Several U.S. health systems were impacted, while at least 16 U.K. National Health Services’ trusts were knocked offline. The attack crippled the organization: Staff were unable to access patient data, and ambulances were diverted to other locations.

This wasn’t the first major hack by the North Korean hacking group. Lazarus was responsible for the massive hack on Sony Pictures in 2014 and the theft of $81 million from Bangladesh Central Bank in 2016.

Future-proofing security

Why cybersecurity is top of mind for forward-looking healthcare orgs.

The U.S. Security Council has imposed severe sanctions on North Korea under the Trump administration, but those focus primarily on its nuclear actions. However, Bossert’s post appears to imply that the Trump administration will be further cracking down on the country’s “malicious behavior.”

“Stopping malicious behavior like this starts with accountability,” Bossert wrote. “It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers.”

“Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments,” he added. “We will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com