Researchers at cybersecurity firm Kaspersky Labs have released a statement regarding the widespread WannaCry ransomware that has infected over 200,000 computers worldwide since Friday. Security researchers now believe that the WannaCry attack shares similarities with previous attacks by the North Korean hacking group, Lazarus.
The Lazarus hacking group has been involved in multiple cyber attacks in the past, including - the attacks against Sony Pictures in 2014, the Central Bank of Bangladesh cyber heist in 2016 and a subsequent series attacks in 2017.
“A security researcher from Google posted an artifact on Twitter potentially pointing at a connection between the WannaCry ransomware attacks that recently hit thousands of organizations and private users around the world, and the malware attributed to the infamous Lazarus hacking group, responsible for a series of devastating attacks against government organizations, media and financial institutions,” Kaspersky writes in a press release.
The Google researcher detailed a WannaCry malware sample that “appeared in the wild” in February 2017, two months before the recent wave of ransomware attacks. After analysing the sample, researchers at Kaspersky confirmed “clear” code similarities between the malware sample highlighted by the Google researcher and those used by the Lazarus group in the 2015 attacks. “The analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday. This can be an attempt to cover traces conducted by orchestrators of the WannaCry campaign,” noted the company.
However, Kaspersky also warns that the similarities could be a false flag operation to throw authorities off track, and that a resemblance in code does not offer conclusive proof of a connection with the Lazarus group.
Meanwhile, security firm Symantec also said that it has spotted “the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry.”
As of now, this ransomware’s origin still remains a mystery. If you are one who was affected or want to take preventive steps to avoid being affected by the WannaCry Ransomware, watch this video below.