Skip to main content
May 15, 2017 - World

North Korean hacking group behind ransomware attack

Shannon Vavra

Mark Schiefelbein / AP

On Friday, a ransomware attack demanded payments of $300 before users could log in to their files in 74 countries around the world — including at a Spanish telecom company, the National Health Service in England, the Russian Foreign Ministry, and FedEx (read our Friday roundup here).

By the end of the day Monday, the ransomware had spread to 300,000 breaches across 150 countries, according to U.S. Homeland Security Advisor Tom Bossert. Here's everything else you missed Monday as the ransomware continued to cause problems around the world.

The latest:

  • Kaspersky Lab and a researcher at Google say they suspect the group responsible for the attack is a North Korean hacker group, "The Lazarus Group," which notoriously hacked Sony Pictures over its depiction of an assassination of Kim Jong-un.
  • Putin mocked the U.S. NSA for stockpiling tools that could attack computers around the world. "We are fully aware that the genies, in particular, those created by secret services, may harm their own authors and creators, should they be let out of the bottle."
  • There is a new variant of the "WannaCry" virus infecting 3,600 computers an hour according to Check Point Software, via Reuters.
  • There are five different imitation attacks from ransomware developers out there.
  • TechCrunch is reporting the kill switch a blogger discovered last Friday is still working as a way to shut down the attack.
  • In a briefing with reporters Monday, Bossert said $70,000 in ransoms have been paid, but said "we are not aware of payments leading to data recovery."
  • Bossert reminded everyone that stolen or pirated versions of software would not receive patches that could prevent such attacks, noting "the worm is in the wild."
  • China is "reeling" from the attack because pirated software, which is not protected from the hack, is rampant.
  • India is reporting "there is no major impact" in the country and that there are "isolated" incidents in Kerala and Andhra Pradesh, although NPR reports power utilities and police departments have been affected.
  • Japan's Hitachi and manufacturers and France's Renault have been impacted, per NPR
  • The U.K. government held an emergency meeting Monday to discuss the attack since the ransomware was still active in Europe through Monday, per NPR.
Go deeper