Michael Reynolds/European Pressphoto Agency
White House homeland security adviser Thomas Bossert said “the best and the brightest are working on” tracking who was behind the ransomware cyberattack.
Security researchers have discovered digital clues in the malware used in last weekend’s global ransomware attack that might indicate North Korea is involved, although they caution the evidence is not conclusive.
An early version of the ‘‘WannaCry’’ ransomware that affected more than 150 countries and major businesses and organizations shares a portion of its code with a tool from a hacker group known as Lazarus, which researchers think is linked to the North Korean government.
John Bambenek, a research manager at Fidelis Cybersecurity says “This implies there is a common source for that code, which could mean that North Korean actors wrote ‘WannaCry’ or they both used the same third-party code,’’
White House homeland security adviser Thomas Bossert said Monday that investigators were still working to determine who was behind the attack. The best and the brightest are working on it.
Several security researchers studying ‘‘WannaCry’’ on Monday found evidence of possible connections to the crippling hack on Sony Pictures Entertainment in 2014 attributed by the US government to North Korea. That hack occurred in the weeks before Sony released a satiric movie about a plot to kill North Korean leader Kim Jong Un.
However, Bambenek cautioned that the links are circumstantial. ‘‘It could be a freak coincidence,’’ he said. ‘‘The code in question is not a large portion of the overall Wannacry malware so it’s plausible that the attackers got it from somewhere else.’’
The spread of the WannaCry virus has slowed as new cyberdefenses have been put in place and some eight to 10 U.S. entities, including a few in the health-care sector, reported possible “WannaCry” infections to the Department of Homeland Security, a US official said.
Factories, hospitals, and schools were disrupted in China by the attack, the spread of the virus appeared to be slowing. State media said 29,000 institutions had been hit, along with hundreds of thousands of devices.
South Korea reported that just five companies were affected, including the country’s largest movie chain.
Researchers discovered a ‘‘kill switch’’ on the virus that stopped its spread from computer to computer, potentially saving tens of thousands of machines from further infection.
The ransomware program, which is spread through e-mail, encrypts computer files and then demands the bitcoin equivalent $300 to unlock them.
The attack hobbled operations at Russia’s Interior Ministry, Spanish telecommunications giant Telefónica, and Britain’s National Health Service.