Britain Publicly Names North Korea as Source of WannaCry Attack

By Dell Cameron on at

In a BBC radio interview on Friday, British Security Minister Ben Wallace attributed this year’s WannaCry outbreak to the government of North Korea. The ransomware attack crippled roughly a third of Britain’s National Health Care trusts, as well as nearly 300 local doctor’s offices, in May.

“This attack, we believe quite strongly came from a foreign state,” Wallace said. “North Korea was the state that we believe was involved in this worldwide attack on our systems.”

“We can be as sure as possible,” he continued. “I can’t obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role.”

North Korea has already been widely accused of being responsible—a charge the country has denied. Today’s remarks echo statements made earlier this month by Microsoft President Brad Smith. “I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States,” Smith said.

Wallace’s interview follows a report published Friday by the country’s National Audit Office (NAO), which criticised its Health Department for being too slow to fix security flaws. The outbreak was for the most part preventable: Microsoft had released a patch roughly two months before WannaCry spread, infecting systems in as many as 150 countries.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practise,” NAO chief Amyas Morse told Bloomberg.

While it’s true that a routine patch was all that was needed to prevent infection, WannaCry was also quite virulent: it didn’t require convincing the intended victims to download any files or click any malicious links. WannaCry could only be stopped by a previous installation of Microsoft’s patch, which predated the exploit’s public release by a month.

WannaCry was spread via an exploit called EternalBlue, a “cyber weapon” stolen from the US National Security Agency that was leaked by the mysterious Shadow Brokers hacking group a month before the outbreak. The exploit allowed for the installation of DoublePulsar, a backdoor payload, which enabled WannaCry to spread rapidly through computer networks in May.

Brian Lord, a former deputy director at Britain’s Government Communications Headquarters, told The New York Times this month that WannaCry’s spread may have been a test gone awry—part of the authoritarian country’s “evolving effort to find ways to disable key industries.”

More Security Posts: