This article is more than 1 year old

UK, US govt and pals on WannaCry culprit: It woz the Norks wot done it

Notorious Lazarus Group said to be behind mass infection

UK Foreign Office Minister Lord Ahmad of Wimbledon today claimed North Korea was behind the WannaCry ransomware incident.

He joins the US government, Canada, Australia, New Zealand, Japan, Microsoft, Google, Kaspersky, Symantec, FireEye, and others, in blaming Kim Jong-un's hackers for unleashing WannaCry on the world.

Uncle Sam today publicly named and shamed the Norks, too. Microsoft and Facebook were also thanked by US government officials for disabling North Korean hackers' accounts and helping to disrupt their online activities.

"[WannaCry] was a careless and reckless attack," said White House security advisor Thomas Bossert. "It affected individuals, industry, governments. And the consequences were beyond economic. The computers affected badly in the UK and their healthcare system put lives at risk, not just money.

"After careful investigation, the United States is publicly attributing the massive WannaCry cyberattack to North Korea. We do not make this allegation lightly. We do so with evidence, and we do so with partners.

"Other governments and private companies agree. The United Kingdom, Australia, Canada, New Zealand, and Japan have seen our analysis, and they join us in denouncing North Korea for WannaCry."

Of course, the usual pinch of salt is required. Assigning attribution in cyber-assaults is hard, miscreants can hijack networks in another nation to launch attacks and thus shift the blame, and so on. On the other hand, the UK and US seem pretty certain it's North Korea's fault here.

The UK's Lord Ahmad said the hermit state's spy unit, the Lazarus Group, was specifically behind the malware epidemic in May this year. The Lazarus crew, which also goes by the name Guardians of Peace, has been active since 2009, and uses DDoS botnets, keyloggers, remote access tools and wiper malware in their operations.

The decision to publicly attribute this software nasty to North Korea sends a clear message that the UK and its allies will not tolerate malicious cyber activity, Blighty's Foreign Office thundered.

The WannaCry ransomware wrecked 300,000 computers in 150 countries and included 48 NHS trusts among the casualties.

Back in October, British security minister Ben Wallace appeared to blame North Korea for the infamous ransomware attack that disrupted the operation of one in three NHS trusts in England as well as numerous other organisations worldwide.

This week, Ahmad said: "The UK's National Cyber Security Centre assesses it is highly likely that North Korean actors known as the Lazarus Group were behind the WannaCry ransomware campaign – one of the most significant to hit the UK in terms of scale and disruption.

"We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyber space. The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions."

He said the UK is determined to identify, pursue and respond to malicious cyber activity regardless of where it originates, imposing costs on those who wish to attack us in cyberspace. "We are committed to strengthening coordinated international efforts to uphold a free, open, peaceful and secure cyberspace." ®

More about


Send us news

Other stories you might like