23:23 GMT07 July 2020
Listen Live
    Get short URL

    The recent WannaCry malware attacks could have been a cover-up operation as the hackers were unlikely interested in money and appear to have emulated the behavior of a known cybercrime group, Pierluigi Paganini, a Member of Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation, told Sputnik.

    MOSCOW(Sputnik) – On May 12, the Kaspersky Lab cybersecurity company registered about 45,000 ransomware attacks in 74 countries worldwide. On Sunday, Europol Executive Director Rob Wainwright said that as the malware, dubbed WannaCry, continued to spread over the weekend, 200,000 users in 150 countries had been affected.

    "In this specific case the security expert has found a specific partial code inside one of the earlier versions of WannaCry … linked to the one that has been used by the Lazarus Group," Paganini told Sputnik, explaining that the origin of a cyberattack is always the most difficult task for any security expert and that the partial code similarity is not enough to pinpoint the group that carried out the attacks.

    The Lazarus Group is suspected of having links to North Korea and cyber experts believe that it was behind several attacks targeting South Korea, including the 2009-2012 "Operation Troy."

    According to Paganini, the WannaCry hackers could have intentionally used a code similar to the one linked to Lazarus Group in order to emulate its behavior and cover up their tracks.

    "You will not be sure," the cybersecurity expert emphasized, adding that the only thing that can be established with certainty is code similarity, which, in this case, suggests that the hackers have been changing their tactics and have hidden any kind of evidence that could link to their operation.


    US Homeland Security adviser Tom Bossert stated during a White House press briefing on Monday that the WannaCry world-wide ransomware cyberattacks may have been launched by criminal actors or foreign governments.

    Asked whether North Korea could be behind the attacks, Paganini told Sputnik that one can never say for sure, but that it is unlikely that the hackers wanted ransom.

    "I don't believe that the attackers in this specific case were interested in making money with this kind of attack," the expert said, adding that the fact that the malware has a "kill switch" sounds like someone who is telling everyone "I can hit anyone in the world."

    Paganini explained that most people are now aware that in case of such attacks the best option is to never pay ransom, so it is likely that the actors behind WannaCry had a different motivation, likely a political one.

    "I believe that someone is telling to the government, is passing a specific message: ‘Hey guy, I am able to do this.’ And if the actor behind the attack is … a government, the message is ‘Hey guy, I can paralyze the system worldwide,’" Paganini told Sputnik.

    According to the Czech Avast Software security company, Russia, Taiwan, Ukraine and India were most affected by the WannaCry malware.

    The attacks affected, among other institutions and organizations, the UK National Health Service (NHS), the German state rail company Deutsche Bahn, the Russian Interior Ministry and banks. The virus blocked computers with messages flashing on the screen demanding money to remove the restriction.

    South Korean media reported on Wednesday, citing the Korea Internet and Security Agency (KISA), that over a dozen South Korean companies had suffered as a result of the WannaCry attacks.

    "The results that we have already suffered during the weekend are just related to the use of well-known vulnerabilities. In case the attackers used … some vulnerabilities that are unknown to the security community the damages could be very dramatic," Paganini told Sputnik.

    EU institutions have not been affected by the cyberattacks, European Commission spokesman Margaritis Schinas said on Monday.

    US government computer systems have not been affected by the WannaCry ransomware either, US President Donald Trump's Homeland Security Advisor Tom Bossert said at a press briefing on Monday.

    Means of Protection

    Andrey Krutskikh, Ambassador at Large of the Russian Foreign Ministry, told Sputnik on Wednesday that US and Russian experts should start dialogue on joint actions to tackle cybercrime in the wake of the latest cyberattacks.

    Paganini recommended that users keep their software updated, create a backup copy of all data and install all the necessary anti-virus software in order to protect their devices from cyberattacks.

    Asked about the Lazarus Group, which could be behind the most recent ransomware attacks, the expert said that "numerous companies and security firms have investigated the activity of the group" and that it is believed to have been active since 2007.

    "It’s for sure a politically-motivated group," Paganini told Sputnik, adding that Lazarus hackers have carried out attacks against governments, bank systems and pirate companies and that the group is "one of the most active" and is "well-funded."

    According to the Times newspaper, the attackers may have already received over $42,000 from the affected users.


    Second Ongoing Global Cyberattack Identified After WannaCry Virus - Reports
    Kiev's Accusations of Russia Carrying Out Cyberattack Groundless - Kremlin
    Latest Cyberattack Proves Necessity of Joint Efforts Against Cybercrime - Moscow
    cyberattack, WannaCry virus, Democratic Republic of North Korea (DPRK), United States, South Korea
    Community standardsDiscussion