North Korean hackers perpetrated a worldwide cyberattack this year that infected computers at a third of Britain’s publicly funded medical centers, U.K. Minister of State for Security Ben Wallace said Friday.
The WannaCry ransomware worm unleashed in May affected 81 of the 236 trusts operated by the U.K. National Health Service (NHS) resulting in the cancelation of at least 6,912 medical appointments, according to the results of an independent probe of the outbreak undertaken by the government’s National Audit Office (NAO) and published Friday.
The NAO audit doesn’t attribute WannaCry to any specific actor, but Mr. Wallace pegged Pyongyang during an interview aired on the day of its release.
“This attack, we believe quite strongly that it came from a foreign state,” Mr. Wallace told BBC Radio 4. “North Korea was the state we believe was involved in this worldwide attack on our system.”
“We can be sure as possible,” Mr. Wallace said. “I can’t obviously go into the detail of intelligence, but it is widely believed in the [intelligence] community and across a number of countries that North Korea had taken this role.”
WannaCry infected over 200,000 computer systems across 150 countries within days of being unleashed in early May by exploiting a critical vulnerability affecting certain versions of Microsoft’s Windows operating system. The virus encrypted the contents of infected computers and then displayed a message demanding victims pay a ransom of roughly $300 apiece to recover the files.
“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice,” said Sir Amyas Morse, the NAO’s comptroller and auditor-general. “There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
Security researchers in the U.S. and U.K. pointed their fingers at Pyongyang in the weeks following the attack, but Mr. Wallace’s comments Friday mark the first time Britain has formally blamed WannaCry on North Korean hackers.
North Korean officials did not immediately comment publicly on the official’s remarks. Kim In Ryong, North Korea’s deputy ambassador to the United Nations, previously rejected earlier allegations about the nation’s involvement as “ridiculous.”
WannaCry harnessed an exploited that had been hoarded by the U.S. National Security Agency (MSA) but was compromised and published online in April, according to security researchers.
The outbreak was halted after Marcus Hutchins, a British security researcher, inadvertently discovered a “kill switch” that kept the worm from spreading. Mr. Hutchins, 23, was arrested by U.S. authorities in August on unrelated hacking charges and subsequently pleaded not guilty to all counts. He’s resided in the U.S. ever since pending further proceedings and has his next court hearing currently scheduled for Nov. 13 in U.S. District Court for the Eastern District of Wisconsin.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.