North Korean Group Would Be Most Likely For Recent Ransomware Attacks
On Monday the cyber security company Symantec stated that is was highly likely that a North Korean affiliated hacking group was responsible for the WannaCry cyber attack that occurred this past month and infected over 300,000 computers all over the world and disrupted schools, banks and hospitals worldwide.
Symantec researchers report that they found multiple occurrences of code that were used in both earlier WannaCry versions and previous activity that has been linked to the North Korean group and now highly recommend users install Norton antivirus and update any existing version of its software ( coupons are found here ).
The name Lazarus has been given by security companies to the group that was behind the Sony hacking attack as well as others. Earlier Symantec had said that they don’t attribute cyber campaigns to governments directly, however its researchers din’t dispute the widely held belief that the group Lazarus works for the North Korean government.
In the meantime Vikram Thakur, who is the security response technical director for Symantec, stated in an interview that the flaws within the WannaCry code, its broad reach and demand for payment in electronic bitcoin in order to decrypt the damaged files, all suggest that the hackers weren’t working for the government of North Korea.
What Is WannaCry?
For the uninitiated, WannaCry is ransomware that has infected hundreds of thousands of computers all over the world. Most reports suggest that Britain’s public system has been hit very badly, and reportedly entire wards have closed and staff from the National Health Service has been sent home. An automated system was used by the WannaCry version that has spread like wildfire and wreaked havoc was based on EternalBlue, which is a hacking tool that the Shadow Brokers hacking group was able to steal from the U.S. National Security Agency.
The theory that the reason for WannaCry to be deployed was to cause chaos worldwide and prove that Lazarus – and North Korea by extension – was capable of deploying a serious crippling attack has been dismissed by Symantec researchers. The very same command-and-control server was used by the WannaCry attacks that were used in the hacking of Sony Pictures Entertainment by North Korea in 2014, which wiped out almost half of the corporation’s servers and personal computers. In addition, the researchers state that the same tools were used in earlier Lazarus attacks on media companies and banks in 2013 in South Korea, were used in this WannaCry ransomeware episode as well. The tools have evolved, however they are what researchers refer to as “variants” of those same tools that were utilized in other attacks.
In the month of May, another hacker group called the Shadow Brokers published the details of the hacking tools from the U.S. National Security Agency that were used by the WannaCry hackers to add strength to their attacks. A leaked N.S.A. hacking tool was used to spread from one server to the next automatically, and ultimately infected hundreds of thousands of computers all over the world, particularly Asia and Europe. There are some computer security experts that have stated that it’s too soon to be accusing North Korea. In addition, North Korea officials are denying being involved.
Here are the best coupon deals for Norton for all the different country versions
- Norton Coupons
- Norton By Symantec – Germany
- Norton By Symantec – Germany
- Norton By Symantec – Netherlands
- Norton By Symantec – Norway
- Norton By Symantec – Spain