Security experts say there are “clear code connections” between the global ransomware attack and a North Korea-linked group.
There is “strong” evidence to suggest a North Korea-linked group was behind last week’s global cyberattack, security experts say.
Simon Choi, director of South Korean anti-virus firm Hauri, said the code used in the attack shared many similarities with previous hacks attributed to the North Korea-linked Lazarus Group.
The same collective is believed to have been behind the 2014 hack of Sony Pictures and is also suspected of previous attacks on the global financial system.
Mr Choi said: “I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies.”
He added that since 2013, hackers aligned to Pyongyang have been using malicious software to extort Bitcoin – the online currency demanded in last week’s WannaCry cyberattack.
Israel-based security firm Intezer Labs said there were “clear code connections” between Lazarus and WannaCry, adding that the evidence “strongly suggests that these hacking tools were written or modified by the same author”.
Symantec and Kaspersky are investigating whether hackers from Lazarus Group were responsible for infecting an estimated 300,000 machines in 150 countries.
Their enquiries came as the White House said that paying ransom money to unlock files encrypted by the global cyberattack does not work.
Homeland security adviser Tom Bossert told reporters he is not aware of a case where transferring $300 (£232) in Bitcoin – the amount demanded from victims of last week’s attack – has “led to any data recovery”.
President Trump’s administration estimates that less than $70,000 (£54,285) has been paid to the criminals behind the ransomware so far.
During a White House briefing, Mr Bossert said no federal systems in the US had been affected by the malicious software.
He added that his British counterparts said they now had a “feeling of control” after the attack struck 47 NHS organisations.
Russia has denied it had anything to do with what Europol called the “largest ransomware attack observed in history”, and President Vladimir Putin described it as payback for the US intelligence services.
His remarks came after Microsoft’s chief legal officer said the US National Security Agency had developed the original code used in the attack, which was later leaked in a document dump.
Mr Putin said: “A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators.”
Meanwhile, the 22-year-old computer expert who discovered WannaCry’s hidden kill switch says he does not think of himself as a hero and was just “doing my bit to stop botnets”.
British-born Marcus Hutchins, who is currently working in Los Angeles, stumbled on the solution by accident while analysing a sample of the malicious code, and then spent three days fighting the ransomware worm.
Mr Hutchins’ manager at online security firm Kryptos Logic said he “not only saved the United States but also prevented further damage to the rest of the world”.