In a BBC radio interview on Friday, British Security Minister Ben Wallace attributed this year’s WannaCry outbreak to the North Korean government. The ransomware attack crippled roughly a third of Britain’s National Health Care trusts, as well as nearly 300 local doctor’s offices, in May.
“This attack, we believe quite strongly came from a foreign state,” Wallace said. “North Korea was the state that we believe was involved in this worldwide attack on our systems.”
“We can be as sure as possible,” he continued. “I can’t obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role.”
North Korea has already been widely accused of being responsible – a charge the country has denied. Today’s remarks also echo statements made this month by Microsoft President Brad Smith. “I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States,” Smith said.
Wallace’s interview follows a report published Friday by the country’s National Audit Office (NAO), which criticised its Health Department for being too slow to fix security flaws. The outbreak was for the most part preventable: Microsoft had released a patch roughly two months before WannaCry spread, infecting systems in as many as 150 countries.
“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice,” NAO chief Amyas Morse told Bloomberg.
While it’s true that a routine patch was all that was needed to prevent infection, WannaCry was also quite virulent: it didn’t require convincing the intended victims to download any files or click any malicious links. WannaCry could only be stopped by a previous installation of Microsoft’s patch, which predated the exploit’s public release by a month.
WannaCry was spread via an exploit called EternalBlue, a “cyber weapon” stolen from the US National Security Agency. It was leaked by the Shadow Brokers hacking group roughly a month before the outbreak. The exploit allowed for the installation of DoublePulsar, a backdoor payload, which enabled WannaCry to rapidly infect networks this spring.
“Although Britain’s National Audit Office said the WannaCry attack was ‘relatively unsophisticated’ and ‘could have been prevented,’ it’s not possible to prevent malware penetration 100% of the time,” said Avi Chesla, CEO of empow. “However, through data and communication footprints in systems, it’s possible to know who has been affected and prevent further spread of the attack, lowering the risk dramatically.”
Brian Lord, a former deputy director at Britain’s Government Communications Headquarters, told The New York Times this month that WannaCry’s spread may have been a test gone awry — part of the authoritarian country’s “evolving effort to find ways to disable key industries.”