Ed Jones / Getty
show image

Oscar Williams

News editor

UK officials link North Korea to WannaCry attack that hit the NHS

The National Cyber Security Centre (NCSC) has linked North Korea to the WannaCry virus that paralysed parts of the NHS in May, an intelligence official has told NS Tech.

The investigation corroborates the findings of America’s National Security Agency (NSA), which traced the ransomware back to the Lazarus Group.

The cyber gang orchestrated an attack on Sony Picture in 2014 ahead of the release of the Interview, a satire of North Korea’s leadership.

NCSC, a new division of GCHQ, has not established whether the WannaCry attack was sanctioned by government officials. But the Washington Post has reported that the NSA was moderately confident that North Korea’s spy agency was responsible.

The revelations come weeks after researchers at Kaspersky and Symantec identified similarities between the malware’s code and code previously deployed by North Korea.

The WannaCry malware locked down the systems of several NHS Trusts and thousands more organisations before it was brought to a halt by a 22-year-old cybersecurity researcher from England.

The malware demanded that victims pay the equivalent of $300 (£235) in bitcoin to unlock their systems.

But if the hackers were motivated by the prospect of making money for the North Korean government, their efforts have failed.

An operational error made any transactions traceable, meaning online currency exchanges would refuse to cash the bitcoin.