After the first shock from WannaCry's global attack, the authorities began hunting for those behind the biggest ransomware attack ever.
"We are searching through huge amounts of data associated with the attack to identify patterns", said Lynne Owens, Director General of the National Crime Agency (NCA), Britain's agency for the fight against organized crime.
The National Crime Agency works alongside international law enforcement partners, including Europol, Interpol and the FBI, to investigate the attacks.
"We are actively exchanging information about this event and are ready to provide technical support and assistance as needed to our partners in the United States and internationally."
But the "surprise" in WannaCry's story came from a Google researcher who suggests that the ransomware's authors are from North Korea.
Earlier today, Google researcher Neel Mehta published a Twitter message containing the hashtag #WannaCryptAttribution.
9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598
ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4
#WannaCryptAttribution
- Neel Mehta (@neelmehta) May 15, 2017
The message compares a WannaCry cryptor sample from February 2017 with a sample from the Lazarus APT group from February 2015, as people at Kaspersky Lab point out. The commands presented in the tweet represent a unique coding algorithm.
The Lazarus team is a well-known hacker group. They have been linked to the Sony Wiper attack, as well as to the tragedy of the Bangladeshi banks that left them a few million poorer. The team has been active since 2011, and hundreds of samples of its code have been collected. It was revealed that they were creating malware, developing new samples through "multiple freelancers".
There are, of course, many questions about the "appearance" of the Lazarus team at the moment. Is it true or is it just someone who imitates them?
Besides, it is not so difficult for the WannaCry authors to copy the code used by the Lazarus team. Moreover, today's situation, with the US concentrating its fleet around North Korea, allows for many confessional correlations ...
On the other hand, the code does not seem to have been removed from the 2015 backdoor code, which makes the story much more credible.
Kaspersky researchers are pretty sure that WannaCry's sample released in February of 2017 was compiled by the same people who are behind the current attack or by people who have access to the same source code.
Other security researchers besides Mehta noticed the same similarity, such as Matthieu Suiche of Comae Technologies, who discovered and stopped a new variant of the malicious software by activating a different kill switch.
https://twitter.com/msuiche/status/864179805402607623
Now the interest will be in whether the Lazarus team is recognized by the US intelligence services. Kaspersky Lab itself presented some evidence only about a month ago, linking the attacks on the banks of Vietnam, the bank of Bangladesh, as well as the SWIFT banking system, with the Lazarus Group and North Korea.