North Korean hackers were behind the massive global “WannaCry” ransomware attack this past May that struck governmental entities, corporations and infrastructure in at least 150 countries, including Israel.
Affected countries included Russia, Australia, Belgium, France, Germany, Italy, Mexico and the United States in addition to Israel.
Corporations such as British National Healthcare System, FedEx, Spain’s Telefonica and Renault were affected as well as auto manufacturers Nissan and Renault, and global shipper FedEx.
The malware affected Microsoft Windows computers and encrypted files on hard drives, then demanded ransom payments in bitcoin to unscramble the data.
WannaCry and a second, similar ransomware, Petya, that followed a month later, were both spread around the world through Eternal Blue – a tool that was created by the National Security Agency and leaked online by the Shadow Brokers.
Amit Serper, Principal Security Researcher at an Israeli cybersecurity start-up called Cybereason, developed a “vaccination” against Petya that disables the ransomware. His method (RansomFree 126.96.36.199) kills the Petya application before it even starts encrypting files. It is the world’s most widely used free anti-ransomware tool.
Although it was initially believed that WannaCry was a variant of Petya, the U.S. later traced it to North Korea.
“After careful investigation, the United States is publicly attributing the massive WannaCry cyberattack to North Korea,” said Tom Bossert, White House homeland security and counter terrorism chief.
“We do not make this allegation lightly,” he said. “We do so with evidence, and we do so with partners.”
“This was a careless and reckless attack,” Bossert told reporters. “It affected individuals, industry, governments, and the consequences were beyond economic. The computers that were affected badly in the UK and their healthcare system put lives at risk, not just money.”
Other governments and private security firms who agreed with the U.S. findings included Britain, Australia, Canada, New Zealand, and Japan. Bossert told reporters that Microsoft was able to trace the attack to hackers linked to the North Korean government.
He added that a number of tech companies, including Microsoft and Facebook, recently stymied a number of North Korean “cyber exploits” that were infecting computers around the world. “They shut down accounts the North Korean regime hackers used to launch attacks, and patched systems,” Bossert said.
Cyber defense was among the major issues covered in U.S. President Donald Trump’s new National Security Strategy released earlier this week.
Likewise, it was a major subject for discussion at the weekly government cabinet meeting in Israel earlier this week as well. Prime Minister Benjamin Netanyahu announced at that meeting that the country’s military and civilian cyber defense agencies will soon be merging to form one National Cyber Authority instead.