The United States National Security Agency (NSA) has been actively trying to trace the source of the recent ransomware attacks that had infected hundreds of thousands of computers across the world last month. One of the agency's biggest suspects was the Democratic People's Republic of Korea, which has been known to initiate large-scale #Cyber attacks throughout different countries in the West and in Asia.

The NSA previously had very weak evidence that linked #North Korea to the recent attacks, but the agency apparently now has uncovered some new information that might prove the country's involvement.

Identified group

According to the Washington Post, the NSA now believes with "moderate confidence" that North Korea was indeed involved in the recent cyber attacks.

Advertisements
Advertisements

The agency traced the recent ransomware attack to a group of hackers sponsored by the country's spy agency. The report further reveals that the NSA has identified a team called the Lazarus Group, which is believed to be funded directly by North Korea.

New evidence

The agency and several cyber security firms, including Symantec and Kaspersky Lab, were previously able to detect some codes within the malware, referred to as WannaCry, that was similar to the codes used within previous attacks traced back to North Korea.

However, the recent findings were considered to be too "weak" to confirm the country's involvement. There are a lot of other groups that could have gotten access to the same codes. Now, the agency has apparently traced the ransomware used last month to several #Ip Addresses that were previously used by the country's spy agency.

Advertisements

The combination of the code similarities and the known IP addresses is now building a strong case that points to North Korea being actually involved.

Follow the money

The WannaCry malware was a fairly large-scale cyber attack that affected hundreds of thousands of computers last month. It had managed to shut down several institutions including hospitals, factories, and other businesses. The attack mostly affected systems that were running older versions of Microsoft Windows and completely locked down all of a computer's files with encryption. Files will only be restored when a $300 ransom is paid in Bitcoin.

While the scheme itself was somewhat an ingenious way of making users pay to get their important files back and their systems running again, collecting the ransom money is an entirely different story. The NSA and other security agencies are actively tracing the Bitcoin transactions for those who have opted to pay the ransom, which means that cashing it out will still be quite a challenge for the hack's perpetrators.