UK blames North Korea for WannaCry attacks

The United Kingdom released its final report Friday on the WannaCry ransomware attacks that caused mass disruption in its hospital system, with a U.K. official saying the country believes the attacks originated in North Korea. 

“This attack, we believe quite strongly that it came from a foreign state,” Ben Wallace, a junior minister for security, told BBC 4 Radio, adding that the government was “as sure as possible” that nation was North Korea.

WannaCry caused worldwide panic in may, with disruptions in major European companies including Germany’s largest rail provider, auto manufacturer Renault, Spanish telecom Telefonica, the Russian Ministry of the Interior, Chinese law enforcement and other targets.

{mosads}Though estimates of infections are hard to calculate, especially after researchers discovered a way to interrupt the malware between installation and encrypting the files, WannaCry infected at least hundreds of thousands of computers.

Symantec tied WannaCry to an infamous hacking group known as Lazarus affiliated with North Korea soon after the attack, an attribution the U.K. government appears to now agree with. 

One of the most jarring victims of WannaCry was the Britain’s National Health Service (NHS), the national health-care system. According to a report by the National Audit Office (NAO) released Friday, “thousands of appointments and operations were canceled” due to the attacks. 

The report tallies that at least 34 percent of NHS bureaus, known as trusts, were hit by WannaCry. More than 25 trusts that administered hospitals and other treatment centers were locked out of devices.

WannaCry encrypted files on infected systems, charging a ransom for the keys to unlock the files. Design flaws in the WannaCry architecture prevented the attackers from actually providing those keys. 

The NAO report said that no trust paid a ransom but that it is impossible to calculate the total economic damage from the attack. 

WannaCry spread quickly because it relied on a particularly dangerous security flaw in Windows known as EternalBlue. That flaw was leaked to the public by a group known as the ShadowBrokers, who claim to have stolen the tool from the National Security Agency.

EternalBlue never affected Microsoft’s most current operating system, and weeks before the ShadowBrokers released the tool to the public Microsoft released a patch that would have blocked most WannaCry infections. 

According to the report, the NHS was warned a year before WannaCry that it needed to update it’s systems to Microsoft’s latest release to maximize security, but plans were not put into action until July — after the WannaCry attacks.

In March and April, the NHS’s digital office issued an alert throughout the department to patch systems to prevent a WannaCry-like attack. Either upgrading or patching would have prevented WannaCry. 

WannaCry was the first, but not the last, global attack using EternalBlue attributed to a nation.

Weeks later, a massive outbreak of NotPetya — also using EternalBlue — hit systems, overwhelmingly in Ukraine or on networks with offices in Ukraine. NotPetya, some researchers believe, was designed by the Russian government to use the guise of ransomware to inflict damage.