Who’s behind the ransomware known as WannaCry that’s wreaking havoc on computer systems around the globe? We don’t know for sure, but a security researcher has discovered a piece of evidence that points to a perpetrator: a North Korean operation known as the Lazarus Group.
The internet epidemic, which started on Friday, involves hackers exploiting a flaw in older versions of Microsoft software in order to lock the computers—including those of companies and the U.K. health service—and demanding payment to unlock them.
On Monday, Google security researcher Neel Mehta tweeted lines of code from the current ransomware attack that had also been used in a separate 2015 attack. The earlier attack has been tied to the Lazarus Group, so the reuse of the code is a possible clue that the group is also behind the ransomware.
The Lazarus Group, which is responsible for a series of online heists targeting central banks, is believed to be a North Korean military outfit that funds its cyber warfare operations through crime. The wanton character of the current ransomware attacks is also consistent with earlier behavior by the Lazarus Group.
The computer code tweeted by Mehta, however, is far from definitive proof that North Korea is responsible for the ransomware. There are numerous reasons (including the fact that hackers often borrow malicious computer code) to avoid drawing firm conclusions.
Nonetheless, Mehta’s discovery is getting serious attention from top security researchers, who are weighing in on Twitter:
Very fascinating seeing shared code right here. https://t.co/CVnCEnzcvd
— Shane Huntley (@ShaneHuntley) May 15, 2017
9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598
ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4 #WannaCryptAttribution
— Neel Mehta (@neelmehta) May 15, 2017
Meanwhile, one Twitter user floated a theory that the North Koreans had somehow fouled up the attack—possibly referring to the fact that a U.K. security researcher was able to trigger a so-called “kill switch” that shut down part of the ransomware attacks, partially limiting the fallout.
Meanwhile, as reported by CyberScoop, researchers at Kaspersky Labs—a highly regarded security firm—published a blog post supporting the theory that the Lazarus Group could be tied to the ransomware attacks.
“We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure — Neel Mehta’s discovery is the most significant clue to date regarding the origins of Wannacry,” stated the blog post.
Kaspersky Labs also rejected the idea that Mehta’s discovery was a “false flag” planted by the perpetrator of the attacks in order to wrongly incriminate North Korea.
U.S. and European security officials told Reuters on condition of anonymity that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
This story originally appeared on Fortune.com. Copyright 2017