WannaCry Malware Outbreak ‘Linked To North Korea’ Claim Google Security Researchers, Kaspersky And Symantec
Code similarities indicate WannaCry ransomware may have been developed by North Korea-linked Lazarus Group
Kill switch triggered
WannaCrypt is more damaging than previous malware attacks in part because it exploits a Windows security flaw that was only patched in March, meaning many large organisations haven’t yet been able to roll out Microsoft’s fix.
The malware also differs from previous strains in that it automatically scans the network for other vulnerable systems and infects them as well, researchers have said.
The data on infected systems is encrypted and users are asked to pay about $300 in Bitcoin to unlock them.
A 22-year-old British researcher inadvertently triggered WannaCrypt’s “kill switch” on Friday afternoon, limiting new infections, although the switch doesn’t affect systems whose data has already been encrypted.
Researchers said on Sunday a variant called Uiwix without a kill switch had already been released, but officials said a feared second wave of disruption as the week began hadn’t materialised.
Home secretary Amber Rudd, who chaired a Cabinet Office meeting on Monday on computer security, said the UK is working with international organisations to track down WannaCrypt’s creators.
“The National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) are working with Europol and other international partners to make sure that we all collect the right evidence, which we need to do, to make sure we have the right material to find out who has done this and go after them, which we will,” she said.
Do you know all about security in 2017? Try our quiz!