America blames North Korea for WannaCry ransomware outbreak

The Central Committee Bureau 39 of the Workers' Party of Korea strikes again

The US has officially blamed North Korea for the WannaCry ransomware outbreak, which crippled hundreds of thousands of computers in the NHS and across the world in May.

"The attack was widespread and cost billions, and North Korea is directly responsible," Tom Bossert, homeland security adviser to President Donald Trump, claimed in an article published by the Wall Street Journal.

He added: "North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behaviour is growing more egregious," adding that "WannaCry was indiscriminately reckless."

However, many observers would attribute its fast spread and crippling effect to incompetence more than malice as its high-profile spread and the patching that it encouraged meant that the ransomware couldn't make as much money as probably planned.

The US government believes with a "very high level of confidence" that North Korea's so-called Lazarus Group was behind the attack, the same group behind the devastating attack on Sony Pictures in 2014 when it released a film depicting the assassination of North Korean dictator Kim Jong-un.

The US government is not the first to point the finger of blame for WannaCry in the direction of North Korea. Symantec, F-Secure and other big-name security software firms have also blamed North Korea for the attack, as has the British government.

The WannaCry ransomware was self-replicating malware that shut down Windows PCs, and spread via a security flaw in Microsoft's implementation of the SMB networking protocol. A patch for the flaw had been issued in Microsoft's March Patch Tuesday, but many organisations had been slow to implement the patch, leaving them wide open.

The security flaw that enabled WannaCry to penetrate Windows-based systems had been used surreptitiously for many years by the US National Security Agency (NSA), but was publicised when a trove of its exploits were uncovered and publicised by a group calling itself the Shadow Brokers, who are widely believed to be a front for one of the Russian intelligence services.

North Korea, meanwhile, runs what amounts to its own organised crime syndicate dedicated to raising money for the Kim family. Called Bureau 39 - officially, the Central Committee Bureau 39 of the Workers' Party of Korea - it is involved in counterfeiting, the production and smuggling of illegal narcotics and international insurance fraud.

It was believed to be behind a series of audacious attacks on the SWIFT inter-bank payments system, including the high-profile attempt to steal $951 million from Bangladesh Bank in February 2016.