NHS cyber attack: North Korea is behind hack that brought chaos to hospitals, experts claim

The attack used the same code used in the infamous Sony hack in 2014

NHS website affected by international computer cyber attack
NHS website affected by international computer cyber attack

North Korea may be behind the huge global hack that took down the NHS, experts have said.

The hack took down important computers across the world and might even be responsible for deaths in affected hospitals. But an international manhunt for the people behind it is still ongoing – with very few clues about who was responsible.

Those behind the attack asked for money to unlock the computers that were caught up in it. But some have speculated that the code might have got out by mistake – and that it was never really meant to be used to hold computers to ransom at all.

Cyber security experts are now pointing to North Korea as the source of the hack – just the latest in globally disruptive cyber attacks that the country has been blamed for.

Experts said that the code used as well as the way that the hackers took computers hostage were similar to the way that North Korea has worked in the past.

Simon Choi, a director at anti-virus software company Hauri Inc, said Tuesday that North Korea is no newcomer in the world of Bitcoin and it has been mining Bitcoin using malicious computer programs as early as 2013.

Last year, Choi accidentally spoke to a hacker traced to a Pyongyang internet address about development of ransomware and he alerted South Korean authorities.

The security company Kaspersky Lab said portions of the "WannaCry" ransomware use the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.

But it is possible the code was simply copied from the Lazarus malware without any other direct connection.

Another security company, Symantec, has also found similarities between WannaCry and Lazarus tools, but said "they so far only represent weak connections. We are continuing to investigate for stronger connections."

Later Taiwanese state media said the WannaCry cyber attack infected computers in 10 schools, the national power company, a hospital and at least one private business.

However, the Central News Agency said the ransomware program caused no damage to the schools' core database systems.

The news agency said WannaCry also infected computers at an office of the Taiwan Power Company, a hospital and a business in the central city of Taichung. The business, whose name was not given, reported paying 1,000 dollars in bitcoin to unlock files held hostage by the program. It was not clear whether the files had been recovered.

The news agency said there have been no reported incidents of the ransomware affecting government agencies.

Additional reporting by agencies

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in