
Kaspersky trial balloon: ransomware came from North Korea


Undeterred by the fact that its statement about a new version of the WannaCry ransomware without a kill switch proved to be false, Kaspersky Lab is ploughing ahead with new speculation, this time claiming that the malware could have originated in North Korea.

The WannaCry creators used a vulnerability in Microsoft's Windows operating system, and an exploit developed by the NSA and leaked by a group called Shadow Brokers in April, to create ransomware that also had a worm element and spread on its own to vulnerable machines.

The malware was also given the name WannaDecrypt0r.

Kaspersky floated the idea of North Korea's involvement in a blog post, basing it on a finding by Google researcher Neel Mehta that similarities exist between an early WannaCry code sample from February and one from an advanced persistent threat spread by a group named Lazarus in 2015.

The Lazarus group has been said to be responsible for stealing from a Bangladesh bank, attacking Sony Pictures Entertainment, and also for an attack on South Korea's online industry in 2013.


Kaspersky says the similarities between the two code samples can be observed in this screenshot, with the shared code highlighted.

With law enforcement officials in many countries co-operating to track down the perpetrators, Kaspersky's speculation found some takers, even though the security vendor described it in the following way:

"Is it possible this is a false flag? In theory anything is possible, considering the 2015 backdoor code might have been copied by the WannaCry sample from February 2017.

"However, this code appears to have been removed from later versions. The February 2017 sample appears to be a very early variant of the WannaCry encryptor. We believe that the theory (it is) a false flag although possible, is improbable."

But it is commonly known that malware code is re-used by various groups; one recent example was the re-use of code from the Mirai botnet to create another malware strain known as Persirai.

Kaspersky pointed out that a researcher from the UAE-based Comae Technologies had confirmed Mehta's findings.




Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

