By Ryan Gaydos, ,
Published May 16, 2017
Cyber security researchers said Monday they may be able to link North Korea to the unprecedented global cyberattack that took more than 300,000 computers hostage in 150 countries last week.
Symantec and Kaspersky Lab said that some of the code used in the version of the WannaCry software had also been used in programs run by the North Korea-linked Lazarus Group.
"This is the best clue we have seen to date as to the origins of WannaCry," Kurt Baumgartner, a researcher at Kaspersky Lab, told Reuters.
The researchers said it was too early to confirm that Pyongyang was behind the cyberattacks. The researchers said they would have to study the code more.
The idea that North Korea could be behind the attack is not a reach. Both U.S. and European officials told the news agency that North Korea should not be ruled out as a suspect.
Hackers for the Lazarus Group were blamed for the theft of $81 million from the Bangladesh central bank. The 2014 Sony hack was also pinned on the hacker collective.
Friday’s attack is believed to be the biggest online extortion attack ever recorded, spreading chaos by locking computers that run Britain’s hospital network, Germany’s national railway and scores of other companies, factories and government agencies worldwide.
Homeland Security officials told Fox News on Monday that a “limited number” of U.S. companies were hit by the WannaCry malicious software. CERT (Computer Emergency Readiness Team) worked with the affected companies to get a patch to parties affected by the ransomware infection.
The officials would not name the companies involved, but stressed that the money paid out worldwide so far since the attacks surfaced on Friday is a relatively small number. Reports suggest the total ransom paid out is less than $50,000.
Steven Wilson, Head of Europol’s European Cybercrime Center, told Sky News on Sunday that it was now important that IT departments checked their systems on Monday morning to ensure they had not been compromised.
He added: “It’s not a massively sophisticated attack. What is new is the use of a worm to propagate through systems.
“It is beyond anything we have seen before.”
The Associated Press contributed to this report.
Ryan Gaydos is a news editor for Fox News. Follow him on Twitter @RyanGaydos.