From the very beginning, North Korea was assumed to be involved in the spread of the WannaCry cyberattack last May, because some of its characteristics linked it to malicious code already used a couple of years ago by a hacker group, Lazarus, believed to be tied to the government of the eastern country. Now, months later, the rumor that Pyongyang is involved in the cyberattack is making a comeback: the accusation comes directly from Thomas Bossert, adviser to U.S. President Donald Trump for homeland security and counter-terrorism. According to Bossert’s statement to the Wall Street Journal, the U.S. has evidence of Pyongyang’s involvement, backed by other governments and by companies including Microsoft and Facebook. Given the involvement of these giants, it would seem that the claim is indeed well-founded and that this is not yet another “unfortunate” remark by the American president or anyone else.

Facebook has stated that it deleted many accounts linked to the Lazarus group. These were accounts with fake profiles, created to establish connections with possible targets within the social network. As for Microsoft, its corporate blog carries a statement that last week the company, jointly with Facebook, took strong measures to protect customers and the Internet from threats carried out by the Lazarus group. Microsoft also stated that it recognized the Lazarus group as being behind the WannaCry attack, and that its protective measures consisted of blocking the spread of malware used by this group, strengthening Windows security measures, cleaning users’ infected Windows computers and disabling accounts used to carry out cyberattacks. The Redmond-based company said it acted on its own initiative, but consulted with a number of governments before doing so.

Let’s briefly recall the numbers of WannaCry, a cyberattack of the magnitude of a terrorist attack: on May 12, it hit more than 230 thousand computers in about 150 countries, including state entities and organizations such as hospitals, public administrations and multinationals in various sectors, halting their operations completely and causing economic and other damage. WannaCry is ransomware that locks the computer on a fixed screen from which it is impossible to exit except by formatting the system, which means losing all data saved on the hard disk, or, alternatively, by paying a ransom of 300 dollars to receive an unlock key for the PC. Very few users received the unlock key after sending the money. ☹

Sara Avanzi