Security joins Microsoft in fingering North Korea for WannaCry

I can’t go into the details of our intelligence, but...

By John Leyden


The UK government has joined Microsoft in blaming North Korea for the WannaCry ransomware attack.

Security minister Ben Wallace appeared on BBC Radio4's flagship Today programme on Friday morning to blame North Korea for the infamous ransomware attack that disrupted the operation of one in three NHS Trusts in England as well as numerous other organisations worldwide. Wallace began by accepting a National Audit Office report that that the outbreak could have been prevented by the application of missed patches and adequate firewall defences by NHS Trusts.

"North Korea was the state that we believe was involved in this worldwide attack on our systems," Wallace said, before adding (when challenged on this attribution by presenter John Humphries): "We can be as sure as possible… I can’t go into the details of our intelligence."

He added: "It is widely believed across the community and in a number of countries that North Korea had taken this role."

Wallace went on to say that North Korea had linked to other attacks aimed at raising foreign currency, a possible reference to either recent attacks on Asian digital currency exchanges or Pyongyang's counterfeit currency manufacturing operations.

Brad Smith, Microsoft's president and chief legal officer, also blamed North Korea for the devastating WannaCry ransomware attack in a recent interview with commercial news outlet ITV.

Smith said "all observers in the know" now think Kim Jong-un's regime used exploits created by and leaked from the US National Security Agency to create the malware [a reference to the Equation Group leak and Shadow Brokers].

Redmond's president went on to that Microsoft was not to blame for the infection of systems using older operating systems, such as Windows XP, he told ITV.

Continued use of Windows XP within the NHS, while initially suspected, was not a factor in the spread of WannaCry. Windows XP machines crashed rather than becoming infected when subjected to WannaCry. Unpatched Windows 7 machines were a far more important factor, it transpired. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Don't want to alarm you, but defence bods think North Korea could nuke UK 'within a few years'

Report on threat posed by rogue state demands more cash for government hackers

FBI fingers North Korea for two malware strains

'Joanap' and 'Brambul' harvest info about your systems and send it home

Russian telco backs up North Korea's sole Internet link

Transtelecom can reach 256 North Korean hosts

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

Charming. First worm able to infect legacy systems has a module called 'network f*cker'

North Korea's finest spent 2017 distributing RATs, wipers, and phish

And sent them mostly to South Korea, naturally

North Korea's antivirus software whitelisted mystery malware

'SiliVaccine' uses ancient, stolen, Trend Micro AV engine and bad home-brew crypto

Ransomware keeping cops, NHS and local UK gov bods awake at night

Biggest threat next year, Met Police cybercrime boss says

Acronis: Ransomware protection! Get yer free ransomware protection!

Windows-only but sure, thanks

North Korea attacks Bitcoin bods to swell its war chest says FireEye

BTC isn't explicitly covered by sanctions and Kim could launder it into useful currencies

WannaCrypt 'may be the work of North Korea' theory floated

Lazarus rising again... or not