White House blames North Korea for WannaCry ransomware outbreak
The U.S. government officially blamed North Korea for launching a global ransomware attack that is commonly known as “WannaCry.”
Homeland Security Adviser Thomas Bossert took North Korea to task in a Wall Street Journal editorial published Monday night, calling the May attack that impacted more than 300,000 machines in 150 countries “indiscriminately reckless.”
“Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another,” Bossert wrote. “They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive ‘WannaCry’ cyberattack to North Korea.”
Bossert’s comments mark the first time the U.S. government has publicly linked a group to WannaCry. Both the U.K. government and private cybersecurity industry linked the attack to North Korea months ago.
Bossert’s editorial comes hours after the release of the White House’s highly anticipated National Security Strategy, a broadly written plan highlighting the Trump administration’s approach to national security matters. The document named North Korea, among other adversarial nations, as a major security threat to the U.S. and its allies.
WannaCry reportedly caused billions of dollars in damage as it affected numerous business sectors and companies around the world. Among the hardest hit were hospitals in the United Kingdom.
Researchers say WannaCry leveraged a software exploitation tool that was taken from the National Security Agency. Known as EternalBlue, the tool allowed the ransomware to spread through vulnerable, internet-connected machines which ran older versions of Microsoft Windows.
Bossert’s editorial makes no mention of EternalBlue’s role in amplifying the malware’s impact.
In most cases, a computer infected with ransomware typically becomes unusable unless the victim pays a ransom, usually in the form of a cryptocurrency. WannaCry, however, represented a unique incident because of the speed and scale by which the malware affected millions of computers.
Additionally, many victims were not able to regain access to their systems because the payment mechanism attached to WannaCry was faulty and often unresponsive.
Senior U.S. government officials often point to North Korea as a “bad actor” in cyberspace. Hackers linked to the regime, for example, have been previously linked to data breaches at major financial institutions and are believe to be responsible for other cyptocurrency-related schemes.
Over the last several years, the U.S. has selectively called out a small number of foreign governments for their role in backing offensive hacking operations aimed at U.S. companies, government agencies or institutions. Monday’s announcement marks the second time North Korea has been named the culprit by the U.S. government, the first being the destructive attack on Sony Pictures in 2014.
