Is WannaCry the First Nation-State Ransomware?

Initial Code Analysis Points to North Korea-Linked Hacking Group

As computer security analysts begin to unwind the mystery behind the global wave of WannaCry ransomware, a familiar name has surfaced: Lazarus, the nickname for a suspected elite North Korean hacking group.

On Monday, Google security researcher Neel Mehta wrote a wordless tweet. It contained hashes for two malware samples along with line markers where parts of their code were identical.

The code comparison suggests that whoever created WannaCry – the ransomware that infected about 200,000 endpoints in 150 countries over the weekend – used some of the same code as the Lazarus Group. Symantec, which is tracking Lazarus, concurred. Investigators are probing for a stronger connection, but it’s a tantalizing clue in an already remarkable incident (see WannaCry Ransomware Outbreak Spreads Worldwide).
