Cryptologic Bytes Highlights

North Korea Behind WannaCry Says Microsoft President

The President and Chief Legal Officer at Microsoft, Brad Smith, told ITV News in England that he believes “with great confidence” that North Korea was responsible for the WannaCry ransomware attack on the UK’s National Health Service (NHS) last May. He was the first Microsoft executive to acknowledge that North Korea was the source of the attack, which affected over 200,000 computers in 150 countries. The attack severely affected the NHS. More than 40 hospital trusts were affected by WannaCry. Lives were threatened as scheduled surgeries were cancelled or postponed and ambulances were diverted. WannaCry malware was based on cyber tools allegedly stolen from NSA and targeted against Windows XP, an outdated version of Windows that Microsoft no longer supports. The perpetrators encrypted NHS medical records and then demanded payment before the decryption keys would be provided and files recovered. (Source: The Daily Telegraph (UK), 14 October 2017)

(Note: The WannaCry attack was stopped by a British cyber researcher, Marcus Hutchins, who discovered that he could kill WannaCry by registering a domain name for it. Hutchins was subsequently arrested when he attended DefCon, an annual cyber conference in Las Vegas, for allegedly creating the KRONOS virus that targeted financial institutions. Hutchins is now out on bail, awaiting trial.)