They just happen to hit the motherlode. However, while they noted the shared code in the Lazarus malware and the early version of the WannaCry, they stopped short stating with certainty that the ransomware stemmed from the state-sponsored North Korean operation. "There's no barrier to do it tomorrow to 100 million computers".
Here's what we now know about the ransomware known as WannaCry, which locked up digital photos, documents and other files to hold them for ransom. According to Wired, they were later identified by United States intelligence agencies as a North Korean government operation.
The U.S. National Security Agency (NSA) should shoulder some blame for the attack, which targets vulnerabilities in Microsoft Corp systems and has infected some 30,000 Chinese organisations as of Saturday, the China Daily said.
Then there's the US government, whose Windows hacking tools were leaked to the internet and got into the hands of cybercriminals.
In what one of the most significant cyberattacks ever recorded, computer systems from the U.K.to Russia, Brazil and the US were hit beginning Friday by malicious software that exploited a vulnerability in Microsoft's Windows operating system.
Two law enforcement officials likewise said USA investigators suspect North Korea based on code similarities; the officials called that finding preliminary. Other impacts in the US were not readily apparent on Saturday. Short of paying, options for these individuals and companies are usually limited to recovering data files from a backup, if available, or living without them. Experts said its rapid global spread suggests it did not rely on phishing, in which fake emails tempt the unwary to click on infected documents or links.
The security holes it exploits were disclosed weeks ago by TheShadowBrokers, a mysterious group that published what it said are hacking tools used by the NSA.
The timing of EternalBlue has raised questions for experts because Microsoft made history by cancelling Patch Tuesday in February then released the fixes for the EternalBlue flaws in a March 2017 Patch Tuesday bulletin about one month before the Shadow Brokers unlocked the full details of the EternalBlue exploit.
It also expressed fear that figure of affected computers and countries is likely to grow with time especially "as people use their computers if their IT has not been updated and their security systems patched over the weekend". "But the way they figure they can cut it down, the dangers of it, is making sure everybody updates their software - whether it be an Apple, a Chrome book, a PC running Windows".
The companies and government agencies targeted were diverse.
Firstly, we would like to mention the Windows versions that are by far and large under the assault of WannaCry.
Russian cellular phone operators Megafon and MTS were hit. According to various resources, the attack affected many National Health Service (NHS) hospitals in England and Scotland, and up to 70,000 devices - including computers, MRI scanners, blood-storage refrigerators and theatre equipment - may have been affected. Deutsche Bahn said it deployed extra staff to help customers.