Ransomware

Expert Voices

While nuclear testing paused, North Korean cyber threat still looms

North Korean leader Kim Jong-un in Hanoi on March 2, 2019. Photo: Jorge Silva/AFP/Getty Images

Prohibitive risks may have deterred further nuclear and ballistic missile tests by North Korea, even as it has continued expanding its arsenal. While that freeze remains in place, the regime may opt to accelerate its use of cyber weapons.

The big picture: A nuke test would infuriate China, and launching an ICBM could precipitate a U.S. military strike. But cyberattacks offer a high-impact, low-cost and comparatively low-risk way to generate cash and intimidate other countries.

Tribune ransomware attack was reportedly criminals, not nations

Computer hacked by a virus. Photo: Donat Sorokin/TASS via Getty Images

McAfee assesses that the ransomware attacks that hobbled the distribution of the Los Angeles Times and other Tribune papers in late December were carried out by a criminal group, not a nation, as the Times itself had reported.

The intrigue: Attackers used Ryuk ransomware, a variant of Hermes ransomware that has been used by North Korea's Kim Jong-un regime to funnel cash to the nation. But McAfee notes that Ryuk and Hermes have each been offered commercially on a Russian hacker forum, which appears to be the source of recent infections. That doesn't mean it's impossible for North Korea to be behind the Tribune attacks, but Ryuk's use alone doesn't strongly suggest the attack was from North Korea.