Who is Responsible For May’s Ransomware Attacks on the NHS?
The UK's National Security Centre has linked the malware hack on the National Health Service in May to a North Korean-affiliated hacker team, "Lazarus Group.”
Massive global ransomware attacks are not only becoming more common, but far more dangerous, too. In order to protect your devices from these types of threats, make sure that your software is always up to date, and that you install all security patches. You should also regularly scan your device for hidden malware to catch any threats before they become an issue. Click here to use the full virus scan feature to check your device for security threats:
What Was the Ransomware Attack in May?
In May 2017, the WannaCry ransomware attack targeted computers that were running an outdated and unpatched version of Microsoft Windows as their operating system. The hackers encrypted the data so that users could no longer access their data. The hackers then demanded payment through Bitcoin because it’s untraceable. Once the payments were received, the hackers then flipped the “kill switch” for the ransomware and essentially removed it from that device.
Read More: The Rise of Increasingly Sophisticated Ransomware
The WannaCry malware infected over 230,000 computers worldwide. The most critical part of the ransomware attack infected over 70,000 computers in the United Kingdom’s National Health Service (NHS). This was an emergency situation because all of the patients’ data was stored in the computer system, which sent the NHS into chaos. Many of their computers, MRI scanners, and even blood-storage refrigerators had been affected by the ransomware and were compromised by the attacks. The NHS had to start turning away non-critical emergencies, and even some ambulances were diverted.
How WannaCry is Linked to North Korea
After the malware attack had been taken care of, the NSA and the British Security Group investigated the Wannacry ransomware attack. They found that the ransomware was being shared in a way that had similar code to an earlier malware hack that was associated with a North Korean threat group. Once that connection had been made, the NSA kept finding links between the May attack and the 2014 Sony Pictures hack, which was carried out by the Lazarus Group. The 2014 Sony hack released the film The Interview, which focused on a plot to assassinate the North Korean leader.
These connections mean that WannaCry was similar enough to the other Lazarus Group hacks that the NSA and the National Security Centre have linked it to the North Korean hacking group.
Possible Motivations
According to many intelligence experts, North Korean hackers may be working for the government under their intelligence agency. The hackers will earn money from the ransomware attacks by charging people Bitcoin to remove the ransomware. The proceeds from these attacks will then be redirected towards the funding of the North Korean military strategies. This is one of many “self-funding” strategies that North Korea’s intelligence agency uses.