North Korea Responsible For 'WannaCry' Ransomware Attack, U.S. Says In an op-ed in The Wall Street Journal, Homeland security adviser Tom Bossert writes that after careful investigation, the U.S. is sure that Pyongyang carried out the attack in May.
NPR logo

North Korea Responsible For 'WannaCry' Ransomware Attack, U.S. Says

  • Download
  • <iframe src="https://www.npr.org/player/embed/571868305/571868306" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
North Korea Responsible For 'WannaCry' Ransomware Attack, U.S. Says

North Korea Responsible For 'WannaCry' Ransomware Attack, U.S. Says

North Korea Responsible For 'WannaCry' Ransomware Attack, U.S. Says

  • Download
  • <iframe src="https://www.npr.org/player/embed/571868305/571868306" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

In an op-ed in The Wall Street Journal, Homeland security adviser Tom Bossert writes that after careful investigation, the U.S. is sure that Pyongyang carried out the attack in May.

DAVID GREENE, HOST:

Computers in some 150 countries across the world were hit this May by a crippling cyberattack. The malware was called WannaCry, and the White House now says North Korea was behind it. NPR's Elise Hu covers the Koreas for us, and she joins us now from Seoul. Elise, good morning.

ELISE HU, BYLINE: Good morning.

GREENE: Can you just take us back to May and remind us about the effect that WannaCry had on all these computers?

HU: Yeah, so WannaCry was a ransomware attack. Ransomware works by locking you out of your computer system and your data and holding it hostage until you turn over money. The WannaCry attack exploited a flaw in old Windows operating systems. And it hit computers across Europe, the U.S., India, Brazil, Russia, China - dozens of other countries. Some 300,000 computers were hit. And in the U.K., the National Health Service was hit, which actually brought hospitals temporarily to a standstill.

GREENE: So this was huge, and it is no small thing that the White House is now saying that North Korea was directly responsible. Are they certain of that?

HU: Well, the White House homeland security adviser is essentially confirming what the National Security Agency, the NSA, found earlier, and that was reported over the summer. Additional evidence is coming from foreign governments, the United Kingdom for example, and private companies and corporations that were hit. So they are fairly certain that a North Korean group known as the Lazarus Group was behind the attack.

GREENE: Can you help me understand a bit about North Korea? I mean, we always talk about this as one of the poorest countries in the world where if - on average, a North Korean is earning, like, a thousand dollars a year, and yet hackers potentially working for the government, I mean, can do something this sophisticated.

HU: Yeah, yeah. Well, you know, people in national security often remind us that some of the most pernicious kinds of battles between different states now, different countries, won't be fought with traditional arms, right? Cyberattacks are the way for North Korea to essentially punch above its weight. North Korea's government has sponsored hackers. Those hackers have trained in China. They have access to global networks, and they have some real successes to count over the last few years.

GREENE: Like what? What would you call success?

HU: They really put themselves on the map in 2013 by crippling South Korean banks and broadcasters, stopping South Korean ATMs from working, freezing payment systems. Then you'll recall the 2014 attack on Sony Pictures in which the North Koreans were trying to block the release of that film that was satirizing Kim Jong Un. Lately...

GREENE: "The Interview," right?

HU: That's right, "The Interview." And lately, instead of stealing information, hackers have really focused on stealing money. North Korean hackers are linked to a cyber heist of some $81 million from a Bangladeshi bank last year. This WannaCry ransom attack really forced people to pay ransoms even though they didn't get their data back. And now South Korea suspects its bitcoin exchanges have also been targeted by North Korea. You know that Bitcoin obviously is worth a lot of money right now. And so one South Korean bitcoin exchange lost the equivalent of some $15 million worth of bitcoin this year. And security firms suspect - who guessed it - North Korea.

GREENE: And I guess one question is what the U.S. government, now that they're blaming North Korea, can actually do about this.

HU: Well, it's not clear if the White House is going to press for further sanctions, but the White House is using this as a call for greater cooperation with other governments in helping stop cyberattacks.

GREENE: All right. That is NPR's Elise Hu, who is based in Seoul. Thanks a lot, Elise. We appreciate it.

HU: You bet.

Copyright © 2017 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.