North Korea denies role in WannaCry malware

North Korea is denying reports linking the WannaCry malware with the country’s best-known hacking unit. 

“Whenever something strange happens, it is the stereotypical way of the United States and hostile forces to kick off a noisy anti-[Democratic People’s Republic of Korea] campaign,” Deputy Ambassador to the U.N. Kim In Ryong said during a press conference, adding that the reports are “ridiculous.”

Researchers at a few high-profile labs have noticed links between the WannaCry ransomware that wreaked havoc across the world since last Friday and previous hacking efforts by North Korea’s Lazarus Group. 

{mosads}Kaspersky Lab believes that large swaths of identical code in an early sample of the ransomware to code in Lazarus Group malware might show that North Korea is involved. The overlapping code was first noticed by a researcher at Google. Kaspersky has said that evidence is not conclusive but makes a strong connection. 

Symantec found Lazarus Group tools on the computer of an early victim of WannaCry, which it speculated may have been the way the virus was spread before the automated system of finding new targets was introduced. Symantec, too, did not find the evidence conclusive. 

Others have noted that hackers copy and paste publicly available code all the time, and WannaCry could easily come from anyone else. The firm Cyberreason released a white paper Friday arguing that “the relatively low compromise rate of South Korea, Japan, and the United States runs contrary to every attack ever authorized by Pyongyang.”

WannaCry infected hundreds of thousands of computers across the world since debuting last week, but due to coding flaws and other problems, did not ultimately make very much money. Bitcoin transactions are publicly recorded and the three accounts that accept ransom combine for less than $100,000 as of Friday afternoon.