The White House said Tuesday that North Korea was directly responsible for a “reckless” ransomware attack in May that struck computers in about 150 countries.
Thomas Bossert, counterterrorism adviser to President Trump, said the U.S. has evidence that “cyber affiliates of the North Korean government” were involved in the attack known as “wannacry.”
“This was a careless and reckless attack. The consequences were beyond economic,” Mr. Bossert said.
He said North Korean hackers who were still at work last week were shut down in a response by Microsoft, Facebook and other major tech companies that “acted to disable a number of North Korean cyber exploits and disrupt their operations, as the North Koreans were still infecting computers across the globe.”
“They shut down accounts the North Korean regime hackers used to launch attacks, and patched systems,” Mr. Bossert said. “I’m extremely proud of the hard and dedicated work of the intelligence services and cybersecurity professionals. We will continue to hold accountable those who harm us.”
The “wannacry” attack that began on May 12 affected people in 150 countries, and crippled more than 20 percent of the hospitals in the United Kingdom.
The malware spread among about 230,000 Windows computers, and especially hit older operating systems that had not been updated with the latest software. It caused individual machines to lock up and demanded a $300 ransom to be paid in Bitcoin cryptocurrency. The attack struck computers mostly in Europe and Asia, and largely spared North America.
The U.S. believes that North Korea didn’t gain much ransom money from the attack because, Mr. Bossert said, people who paid the ransom did not get their computers unlocked. When word spread that paying up didn’t solve the problem, people stopped paying.
Mr. Bossert said the Trump administration is running an improved process of working with private companies to find their vulnerabilities to cyberattacks, and informing firms of those weaknesses so they can patch up the problem to increase the overall collective defense in the U.S.
House Homeland Security Committee Chairman Michael McCaul, Texas Republican, said the development “is a grave reminder that the regime in Pyongyang can threaten innocent people almost anywhere on earth with more than just ballistic missiles and nuclear weapons, and that we must do more to strengthen our own cybersecurity.”
He called on the Senate to approve the House-passed Cybersecurity and Infrastructure Security Agency Act, which would create a separate agency to address cybersecurity.
Michael Daly, chief technology officer for cybersecurity and special missions at Raytheon, said the lesson for companies doing business on the internet is that “North Korea sees you as a target.”
“So do other rogue nation-states, and so do transnational crime organizations,” he said. “For them, ransomware is an irresistible crime. It keeps hundreds of millions of dollars in untraceable cryptocurrency flowing in, all the while causing chaos in places like hospitals, power plants, train stations, financial institutions and telecommunications companies.”
He said stronger networks are needed because they are “more expensive to attack, and when we increase the cost of cybercrime, we undermine the incentive for the attack.”
• Dave Boyer can be reached at dboyer@washingtontimes.com.
Please read our comment policy before commenting.