Who's Responsible for WannaCry?

Posted in #security, 7 years ago

WannaCry, arguably the most widely reported and infamous malware of the year, infected over 200,000 computers in more than 100 countries. See my first post about it for more detail on what it is.

Now it seems that researchers have found traces pointing to who might have spread the ransomware. A Google researcher found that the WannaCry malware shares code with Contopee, a backdoor first seen in 2015. That backdoor was used by the Lazarus Group, the same group that wiped almost a terabyte of data from Sony Pictures and siphoned a reported $81 million from the Bangladesh Central Bank last year. Researchers say the Lazarus Group carries out hacks on behalf of North Korea.
Researchers at Symantec have since provided additional evidence that WannaCry was indeed the work of the Lazarus Group.

The evidence (Symantec refers to WannaCry as WCry) includes:

  • The discovery of three pieces of malware previously linked to the Lazarus Group that were left on a network hit in the first known WCry infection, in February. The malware included Trojan.Volgmer and two variants of Backdoor.Destover, the disk-wiping tool used in the Sony Pictures attacks.
  • Trojan.Alphanc, which was used to spread WCry in attacks that took place in March and April, is a modified version of Backdoor.Duuzer, which has previously been linked to Lazarus.
  • Bravonc, another trojan used to install WCry onto computers in earlier attacks, used the same IP addresses for command and control as Duuzer and Destover.
  • Bravonc uses code obfuscation similar to that found in WCry and in Infostealer.Fakepude, another piece of malware linked to the Lazarus Group.
  • Newly discovered similarities between Contopee and the WCry ransomware itself.

These similarities make a strong case that the Lazarus Group was behind this attack, and, by extension, North Korea.

However, one must also keep in mind that shared code and shared infrastructure are not 100% proof that this attack was launched by the Lazarus Group or North Korea. The evidence points strongly in that direction, but one must keep an open mind as to who did it. The same overlaps would appear if someone had stolen software and source code from the Lazarus Group, or if the Lazarus Group got its code from a distributor who also supplies the same tooling to others. Code reuse tells you that two samples share a lineage; it does not by itself tell you who was at the keyboard.


US has already blamed North Korea for the attack. Kim Jong-Un is a menace!

Thanks for that tidbit of information. And yes, until there is 100% incriminating evidence pointing to North Korea, it is all speculation.

full steem ahead!
@streetstyle
