date 2017-05-15
WannaCry Ransomware Shares Code With North Korean Malware, Says Researchers (cyberscoop.com) 25
New submitter unarmed8 quotes a report from CyberScoop: The ransomware known as WannaCry that spread rapidly to 300,000 machines in 150 countries over the past few days shares code with malware written by a group of North Korean hackers known as the Lazarus Group. While the shared code is important, experts warned that it's far from proof about who created and launched the ransomware attacks. Neel Mehta, a security researcher at Google, first pointed out the shared code on Monday on Twitter. The link was quickly echoed by numerous other experts. "From a technical point of view those two functions and their references are identical," said Matt Suiche, founder of United Arab Emirates-based cybersecurity firm Comaeio. "From an attribution point of view a ransomware would subscribe to the narrative of Lazarus Group, which is stealing money like we saw with multiple financial institutions with fraudulent SWIFT transactions -- having a nation-state powered ransomware leveraging crypto currency would be a first."
Usually I'm a pacifist..... (Score:2)
Usually I'm a pacifist.. though in this situation I've reconsidered.
No matter whether it's North Korea, Russia, or whomever.... Whoever is trying the "death by a million cuts" strategy against my country... be warned:
Yamamoto was right. We'll take it for a little while, settle our internal issues, and turn your countries into a mini mall.
You've been warned.
Re: (Score:2)
Look at the bright side. Ransomware is malware done right. In the olden days, malware led to botnets that afflicted everyone, and little of negative consequences were borne by those with the insecure systems causing the problems. But with ransomware, the full cost falls directly into the lap of those doing the least to keep their systems secure, giving them a direct financial incentive to change their ways.
I thought this ransomware came from NSA (Score:3)
Re: (Score:2)
The code litter later found by experts, the staging server IP range, time zone, language will point to a list of nations.
"Latest WikiLeaks dump exposes CIA methods to mask malware" (Mar 31, 2017)
http://www.pcworld.com/article... [pcworld.com]
Marble Framework, "... anti-forensic tools support other languages such as Chinese, Russian, Korean, Arabic and Farsi. “This would permit a forensic attribution double game,
Re: (Score:2)
This.
You and I can grab code -- any code -- and insert a benign, "Kilroy Was Here," at will.
Entirely plausible. (Score:2)
One thing N. Korea lacks is resources/money to buy stuff (from China and Russia). They are the most prolific counterfeiter of $100 [wikipedia.org]... and then the $100 bill was changed. It seems entirely plausible that they are trying to replace their counterfeiting with cybercrime.
the propaganda narrative needs work. (Score:3)
There's also the unresolved dependency that this exploit came from the NSA. Nice try.