NHS cyber attack: North Korea is behind hack that brought chaos to hospitals, experts claim
The attack used the same code used in the infamous Sony hack in 2014
Get the free Morning Headlines email for news from our reporters across the world
Sign up to our free Morning Headlines email
North Korea may be behind the huge global hack that took down the NHS, experts have said.
The hack took down important computers across the world and might even be responsible for deaths in affected hospitals. But an international manhunt for the people behind it is still ongoing – with very few clues about who was responsible.
Those behind the attack asked for money to unlock the computers that were caught up in it. But some have speculated that the code might have got out by mistake – and that it was never really meant to be used to hold computers to ransom at all.
Life in North Korea captured with a mobile phone
Show all 30Cyber security experts are now pointing to North Korea as the source of the hack – just the latest in globally disruptive cyber attacks that the country has been blamed for.
Experts said that the code used as well as the way that the hackers took computers hostage were similar to the way that North Korea has worked in the past.
Simon Choi, a director at anti-virus software company Hauri Inc, said Tuesday that North Korea is no newcomer in the world of Bitcoin and it has been mining Bitcoin using malicious computer programs as early as 2013.
Last year, Choi accidentally spoke to a hacker traced to a Pyongyang internet address about development of ransomware and he alerted South Korean authorities.
The security company Kaspersky Lab said portions of the "WannaCry" ransomware use the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.
But it is possible the code was simply copied from the Lazarus malware without any other direct connection.
Another security company, Symantec, has also found similarities between WannaCry and Lazarus tools, but said "they so far only represent weak connections. We are continuing to investigate for stronger connections."
Later Taiwanese state media said the WannaCry cyber attack infected computers in 10 schools, the national power company, a hospital and at least one private business.
However, the Central News Agency said the ransomware program caused no damage to the schools' core database systems.
The news agency said WannaCry also infected computers at an office of the Taiwan Power Company, a hospital and a business in the central city of Taichung. The business, whose name was not given, reported paying 1,000 dollars in bitcoin to unlock files held hostage by the program. It was not clear whether the files had been recovered.
The news agency said there have been no reported incidents of the ransomware affecting government agencies.
Additional reporting by agencies
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies