May 18, 2017
In a recent development in the WannaCry ransomware outbreak, researchers at Russian multinational cybersecurity and anti-virus firm Kaspersky Lab have released a statement on the ransomware, which has recently infected over 200,000 computers worldwide. After analysis, the researchers now believe that the WannaCry attack resembles earlier attacks by the North Korean hacking group Lazarus. The Lazarus group has previously been implicated in multiple cyber attacks, including the attacks against Sony Pictures in 2014, the Central Bank of Bangladesh cyber heist in 2016, and a subsequent series of attacks in 2017.
“A security researcher from Google posted an artifact on Twitter potentially pointing at a connection between the WannaCry ransomware attacks that recently hit thousands of organizations and private users around the world, and the malware attributed to the infamous Lazarus hacking group, responsible for a series of devastating attacks against government organizations, media and financial institutions,” Kaspersky writes in a press release.
The researcher at Google detailed a WannaCry malware sample that “appeared in the wild” in February 2017, two months before the recent wave of ransomware attacks. After analyzing the sample, the researchers at Kaspersky confirmed a “clear” code resemblance between the malware sample highlighted by the Google researcher and the samples used by the Lazarus group in the 2015 attacks.
“The analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday. This can be an attempt to cover traces conducted by orchestrators of the WannaCry campaign,” noted the company.
However, Kaspersky also cautions that the resemblance could be a false flag operation meant to throw authorities off track, and that a similarity in code does not offer conclusive proof of a connection with the Lazarus group.
Meanwhile, security firm Symantec also said that it has spotted “the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry.”
Still, the origin of this ransomware remains a mystery.