US declares North Korea the culprit behind devastating WannaCry ransomware attack

Illustration by Alex Castro / The Verge

The US has declared North Korea the perpetrator of the widespread and financially devastating WannaCry ransomware cyberattack that rapidly spread across the globe in May, hitting hospitals, companies, and other critical institutions in countries around the world. The announcement came in the form of an op-ed in The Wall Street Journal authored by President Donald Trump’s Homeland Security Advisor, Thomas Bossert.

News of the administration’s announcement was reported earlier today by The Washington Post, which reports that the White House will be issuing a formal statement tomorrow. It was reported back in June that the US National Security Agency was in possession of evidence that pointed to North Korea. Bossert’s op-ed publicly confirms the NSA’s findings with support from evidence gathered by foreign governments, independent cybersecurity firms, and corporations directly hit by the attack.

“We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government,” Bossert writes. “The consequences and repercussions of WannaCry were beyond economic. The malicious software hit computers in the UK’s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk.”

It’s unclear if the Trump administration will use WannaCry as a way to put more pressure on North Korea via sanctions, as is already the situation with the country’s nuclear program. Bossert concludes his op-ed with the line, “We will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise,” suggesting the administration is openly looking into measures it can take to combat North Korea’s capacity for cyberattacks. Bossert also says hackers must continue to receive harsh punishments for cybercrimes and corporations likely to be victims of such attacks should step up security and proactively take measures to fight back against malicious bad actors and foreign governments.


So on one hand "we" laugh at NK and claim they barely have computers and one crumbly old data line to the world going across a rail bridge to Russia…

and on the other hand, "we" claim they are close to the most sophosticated nation at cyber warfare that nearly brings the world and its biggest nations and companies to their knees…

i don’t know but clearly 1+1 != 2 in this case

Except that is exactly not what they said. They said cyber security starts with accountability. Knowing who is responsible stops state actors from intentionally unleashing large cyber attacks on to the internet. Microsoft also thinks everyone should contact them to report exploits, something that most people are unwilling to do. People want to hoard their advantages.

Sony wasn’t brought to their knees. Most hackers don’t target people like that without financial incentives. North Korea has their own reasons.

I am not sure you read what i wrote.

there are plenty of articles and analysis that says NK has such limited access to the tools, network or talent.

and yet at the end of these recent attacks, there will be article saying NK did it.

one of them is not true, though see below where Mrogi presents a more likely truth.

They will hire contractors to do it for them. They won’t do it on their own.

then wouldn’t the attack present having the fingerprints of those contractors?

i don’t disbelieve you, but if i know nothing about hacking and lack the infrastructure to do it – so i pay you to hack for me, then it would appear you did it.

unless the contractors were busted and pinned it on their client, or the client requested that the software and systems were spoofed to make it look like they did it for ego or other various reasons.

the latter seems more likely

I’m sure North Korea has the capability and/or the means via third parties..they even have several of their own OSs based on linux. There’s a youtube video on redstar OS. So id say they are definitely capable of developing it.

I’m also interested in the investigation about the stolen nsa tools that are allegedly at the heart of wanna cry.

plus I’d like to think the US isn’t that careless to blame North Korea solely on conjecture, just to ramp up sanctions.If the allegation gets disproved it will really hurt US intelligence credibility, especially in relation with investigating cyber attacks like those in Ukraine and parts of Russia, cyber attacks from china, heck even cyber attack by large enough groups.

Unless they’re just the worst at it, so they get caught. More advanced countries would not be so easy to point a finger at.

Unlikely,as north korea has been suspected of several cyber attacks in the past, but there has never been any conclusive proof(or i should say smoking gun proof) only suspicions.So it’s not like north korea are sloppy at covering their tracks.

Take the 2013 darkSeoul attack, north korea was asserted to have been behind it by south korea but the only evidence(made in a public domain) i remember them stating was the use of chinese ip addresses(which apparently north koreans use to cover their tracks, idk) and some guy named Kim implicated with helping the North Koreans.

And the US created stuxnet… whats new?

I’m not even American and I can only laugh at anything that they claim as "fact".when it comes to Trump’s government. In any other case I might have believed them.
This only makes me think it’s coming from Russia if not themselves.

I believe them on this only because North Korea was always suspected to be behind this attack. It’d be different if Russia was suspected and then Trump’s administration claimed otherwise.

Brainwashed much?

I really don’t trust anything Team Trump says about North Korea these days. Trump wants to wage war with North Korea, and we all know how America is nudged into war mode by the military industrial complex. I’m sick of war, personally; it offers no benefit to the people, both here and abroad.

View All Comments
Back to top ↑