Kaspersky trial balloon: ransomware came from North Korea

Undeterred by the fact that its statement about a new version of the WannaCry ransomware without a kill switch proved to be false, Kaspersky Lab is ploughing ahead with new speculation, this time claiming that the malware could have originated in North Korea.

The WannaCry creators used a vulnerability in Microsoft's Windows operating system, and an exploit developed by the NSA and leaked by a group called Shadow Brokers in April, to create ransomware that also had a worm element and spread on its own to vulnerable machines.

The malware was also given the name WannaDecrypt0r.

Kaspersky floated the idea of North Korea's involvement in a blog post, basing it on a finding by Google researcher Neel Mehta that similarities exist between an early WannaCry code sample from February and one from an advanced persistent threat spread by a group named Lazarus in 2015.

The Lazarus group has been said to be responsible for stealing from a Bangladesh bank, attacking Sony Pictures Entertainment, and also for an attack on South Korea's online industry in 2013.

Kaspersky says the similarities between the two code samples can be observed in this screenshot, with the shared code highlighted.

With law enforcement officials in many countries co-operating on trying to track down the perpetrators, Kaspersky's speculation found some takers, even though the security vendor described it in the following way:

"Is it possible this is a false flag? In theory anything is possible, considering the 2015 backdoor code might have been copied by the WannaCry sample from February 2017.

"However, this code appears to have been removed from later versions. The February 2017 sample appears to be a very early variant of the WannaCry encryptor. We believe that the theory (it is) a false flag although possible, is improbable."

But it is commonly known that malware code is re-used by various groups; one recent example was the re-use of code from the Mirai botnet to create another malware strain known as Persirai.

Kaspersky pointed out that a researcher from the UAE-based Comae Technologies had confirmed Mehta's findings.

Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.