The Latest: Law enforcement officials flag North Korea link
Posted May 16
LOS ANGELES — The Latest on the global extortion cyberattack that hit dozens of countries (all times local):
Two law enforcement officials say U.S. investigators suspect North Korea may be behind the global "ransomware" attack.
They say that's based on a preliminary investigation and stressed investigators are still following digital clues in the probe.
The officials spoke to The Associated Press on condition of anonymity because they aren't authorized to speak publicly about an ongoing investigation.
Code used in the "WannaCry" attack is similar to that used in prior attacks linked to North Korea, the officials said. Private security researchers reached a similar conclusion Monday.
Investigators suspect the attack wasn't intended to extort money as most ransomware attacks do. One officials said authorities suspect the attack was launched using "hundreds or thousands" of computers and was "meant to infect the world."
— AP law enforcement reporter Michael Balsamo
(Previously from Seoul, South Korea)
Security researchers say China's fondness for pirated software left it especially vulnerable to the latest global cyberattack.
Beijing has tolerated rampant use of unlicensed software copies despite repeated promises to crack down and warnings by industry groups that China is leaving itself open to being hurt by malicious code.
BSA The Software Alliance, an industry group, says some 70 percent of computers in China run unlicensed software, the highest level among large countries. Rates for the United States, Japan, Germany and Britain range from 18 to 22 percent.
Experts say that has left millions of Chinese computers without security support and made China among countries most affected by the WannaCry "ransomware" attack that has hit more than 150 countries.
Saudi Arabia says the WannaCry "ransomware" attack affected some government computers as well as those of Saudi Telecom Co., which provides landline, mobile and internet services for millions in the country.
The kingdom's electronic security agency says about 18 percent of Saudi Telecom's computers were affected by the cyberattack. It says private computers also were affected.
U.S. antivirus company McAfee says cyberattacks continue to hit Saudi Arabia.
Data-wiping malicious software wrecked thousands of computers at Saudi Arabia's state-run oil company Aramco in 2012 in one of the most destructive attacks in the private sector.
Taiwanese state media say the WannaCry cyberattack infected computers in 10 schools, the national power company, a hospital and at least one private business.
However, the Central News Agency says the ransomware program caused no damage to the schools' core database systems. Taiwan's education ministry has warned institutions to protect their information and not to download software from unknown sources. It advises that schools should disconnect computers from the internet and reformat them in the event that malware is detected.
The news agency says WannaCry also infected computers at an office of the Taiwan Power Company, a hospital and a business in the central city of Taichung. The business, whose name was not given, reported paying $1,000 in bitcoin to unlock files held hostage by the program. It wasn't clear whether the files had been recovered.
The news agency says there have been no reported incidents of the ransomware affecting government agencies.
A South Korean cybersecurity expert said Tuesday there is more circumstantial evidence that North Korea may be behind the global "ransomware" attack: the way the hackers took hostage computers and servers across the world was similar to previous cyberattacks attributed to North Korea.
Simon Choi, a director at anti-virus software company Hauri Inc. who has analyzed North Korean malware since 2008 and advises the government on cyberattacks, said the North is no newcomer to the world of bitcoins and has been mining the digital currency using malicious computer programs since as early as 2013.
In the current attack, hackers demand payment from victims in bitcoins to regain access to their encrypted computers.
Last year, Choi accidentally spoke to a hacker traced to a North Korean internet address about development of ransomware and he alerted South Korean authorities.
If North Korea, believed to be training cyberwarriors at schools, is indeed responsible for the latest attack, Choi said the world should stop underestimating its capabilities and work together to think of a new way to respond to cyber threats, such as having China pull the plug on North Korea's internet.
Choi is one of a number of researchers around the world who have suggested a possible link between the "ransomware" known as WannaCry and hackers linked to North Korea. While Choi's speculation may deepen suspicions that the nuclear-armed state is responsible, the evidence is still far from conclusive. Authorities are working to catch the extortionists behind the global cyberattack, searching for digital clues and following the money.
Researchers at Symantec and Kaspersky Lab have found similarities between WannaCry and previous attacks blamed on North Korea.
South Korea has been a frequent target of cyberattacks that it traced to its northern neighbor. Some high-profile attacks between 2009 and 2013 shut down government websites, banking systems and paralyzed broadcasters.
South Korea was mostly spared from the latest ransomware attack, partly because the constant threats have made the government and companies careful about always updating their software.