SEOUL, South Korea — A South Korean cybersecurity expert said Tuesday there is more circumstantial evidence that North Korea may be behind the global “ransomware” attack: the way the hackers took computers and servers across the world hostage was similar to previous cyberattacks attributed to North Korea.
Simon Choi, a director at anti-virus software company Hauri Inc. who has analyzed North Korean malware since 2008 and advises the government on cyberattacks, said the North is no newcomer to the world of bitcoins and has been mining the digital currency using malicious computer programs since as early as 2013.
In the current attack, hackers demand payment from victims in bitcoins to regain access to their encrypted computers.
Last year, Choi accidentally spoke to a hacker traced to a North Korean internet address about development of ransomware, and he alerted South Korean authorities.
If North Korea, believed to be training cyberwarriors at schools, is indeed responsible for the latest attack, Choi said the world should stop underestimating its capabilities and work together to think of a new way to respond to cyber threats, such as having China pull the plug on North Korea’s internet.
Choi is one of a number of researchers around the world who have suggested a possible link between the “ransomware” known as WannaCry and hackers linked to North Korea. While Choi’s speculation may deepen suspicions that the nuclear-armed state is responsible, the evidence is still far from conclusive. Authorities are working to catch the extortionists behind the global cyberattack, searching for digital clues and following the money.
Researchers at Symantec and Kaspersky Lab have found similarities between WannaCry and previous attacks blamed on North Korea.
South Korea has been a frequent target of cyberattacks that it traced to its northern neighbor. Some high-profile attacks between 2009 and 2013 shut down government websites and banking systems and paralyzed broadcasters.
South Korea was mostly spared from the latest ransomware attack, partly because the constant threats have made the government and companies careful about always updating their software.