“Round up the usual suspects,” a phrase memorably used by Captain Louis Renault, the French prefect of police, to exonerate Rick Blaine of the killing of Nazi Major Strasser in the classic film Casablanca, has been culturally accepted as a way of saying “let’s start with those who most can agree are likely to have been involved in x.” Thus it should come as little surprise that a number of cybersecurity experts are now suggesting that hackers connected to North Korea unleashed the “WannaCry” malware virus that crippled computers around the world over the past weekend.

Of late, North Korea has been most in the news for its penchant for firing off missiles with varying degrees of success, while threatening to do very bad things to whatever country is near or at the top of its current enemies list. But just a couple years ago, U.S. intelligence officials alleged North Korea was behind the cyber attack on Sony Pictures. Admittedly, the fact that the hackers demanded Sony not release a comedy that centered on the assassination of North Korean leader Kim Jong-Un raised suspicions about North Korean involvement, but the more substantial evidence included the use of tools and techniques known to have been used by North Korean hackers in previous attacks on South Korea.

The WannaCry virus locked up over 200,000 computers and spread to more than 150 countries. The estimated losses to those affected run into the billions, largely due to the disruption. Companies in Europe, Russia, and China were particularly affected. Interestingly, at last count the “ransomware” had yielded a relatively paltry $50,000 to the perpetrators, which taken at face value suggests not many people paid the ransom.

The New York Times has a fascinating story about why China seems to have been disproportionately affected by the virus.

Long known as a haven for pirated software, the fact that major Chinese companies, government agencies and universities were disrupted speaks volumes about how widespread the use of pirated software is in China. It might also call into question just how carefully planned was the unleashing of the WannaCry virus. Although the relationship between China and North Korea seems to be a bit testy at the moment, one wonders whether North Korea really would like to be seen as behind an attack doing serious injury to Chinese interests. We’ll need a little more time to determine whether in rounding up the usual suspects we’ve gotten to the bottom of the planning behind the WannaCry virus.

By Tom Davis, SDI Cyber Risk Practice

May 16, 2017