NHS cyber attack: North Korea is behind hack that brought chaos to hospitals, experts claim
The attack used the same code used in the infamous Sony hack in 2014
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.North Korea may be behind the huge global hack that took down the NHS, experts have said.
The hack took down important computers across the world and might even be responsible for deaths in affected hospitals. But an international manhunt for the people behind it is still ongoing – with very few clues about who was responsible.
Those behind the attack asked for money to unlock the computers that were caught up in it. But some have speculated that the code might have got out by mistake – and that it was never really meant to be used to hold computers to ransom at all.
Cyber security experts are now pointing to North Korea as the source of the hack – just the latest in globally disruptive cyber attacks that the country has been blamed for.
Experts said that the code used as well as the way that the hackers took computers hostage were similar to the way that North Korea has worked in the past.
Simon Choi, a director at anti-virus software company Hauri Inc, said Tuesday that North Korea is no newcomer in the world of Bitcoin and it has been mining Bitcoin using malicious computer programs as early as 2013.
Last year, Choi accidentally spoke to a hacker traced to a Pyongyang internet address about development of ransomware and he alerted South Korean authorities.
The security company Kaspersky Lab said portions of the "WannaCry" ransomware use the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.
But it is possible the code was simply copied from the Lazarus malware without any other direct connection.
Another security company, Symantec, has also found similarities between WannaCry and Lazarus tools, but said "they so far only represent weak connections. We are continuing to investigate for stronger connections."
Later Taiwanese state media said the WannaCry cyber attack infected computers in 10 schools, the national power company, a hospital and at least one private business.
However, the Central News Agency said the ransomware program caused no damage to the schools' core database systems.
The news agency said WannaCry also infected computers at an office of the Taiwan Power Company, a hospital and a business in the central city of Taichung. The business, whose name was not given, reported paying 1,000 dollars in bitcoin to unlock files held hostage by the program. It was not clear whether the files had been recovered.
The news agency said there have been no reported incidents of the ransomware affecting government agencies.
Additional reporting by agencies
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments