
North Korea behind WannaCry?

January 1, 2018 | Expert Insights

The US administration has stated that the potent WannaCry ransomware attack of 2017 was engineered by players in North Korea.

The isolated nation has been accused of similar crimes in the past, and experts believe that this could be how the nation subverts the sanctions imposed on it by the UN.


One of the most potent cyberattacks took place in May 2017, paralyzing hundreds of thousands of systems across the world. The WannaCry ransomware cryptoworm targeted computers running the Microsoft Windows operating system. It encrypted data on the systems and demanded ransom payments in Bitcoin.

In one day, it infected over 230,000 computers and the attack spread across 150 countries. Many institutions across the world, such as the UK’s National Health Service (NHS), FedEx, Deutsche Bahn and Spain’s Telefonica, were hit. Hutchins, a 23-year-old researcher, accidentally found and activated the “kill switch” that helped end the attack. At the time, Hutchins wanted to remain anonymous and called himself MalwareTech. However, his identity was revealed by the media and he was subsequently lauded for his actions.

Despite its isolation from the world, North Korea is known for its ability to successfully conduct cyberattacks on rival nations. In 2013, three South Korean broadcasters fell victim to cyberattacks. National broadcasters KBS, MBC and YTN noted that their computer networks had come to a complete halt, thus affecting broadcasts. At the time, the government said that it believed North Korea was behind the hack. Similarly, in 2014, the film studio Sony Pictures was hacked by a group which identified itself as "Guardians of Peace" (GOP). The group released personal emails, information and details about employees working at Sony. It also leaked a quantity of confidential data and demanded that the studio shelve one of its films, The Interview, which featured a plot to assassinate Kim Jong Un. US intelligence agencies claimed that North Korea was possibly behind the attacks, but the country denied its involvement.


North Korea has invested in capabilities to successfully carry out cyberattacks. In 2016, the country was allegedly able to breach the cyber command set up by South Korea. It has conducted similar cyberattacks on South Korean government agencies and organizations in the past.

The current US administration has announced that North Korea was directly involved in, and perhaps orchestrated, the WannaCry ransomware attack of 2017. In an op-ed for the Wall Street Journal, Tom Bossert, homeland security adviser to Donald Trump, wrote, “The attack was widespread and cost billions, and North Korea is directly responsible.”

“We do not make this allegation lightly,” he wrote. “It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”

Bossert added, “North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious.”

This isn’t the first time a government has accused North Korea of having conducted the cyberattack. In November, the UK government laid out similar accusations and noted that it was “all but certain” that North Korea was behind WannaCry. The Lazarus Group, which had carried out the attack, was allegedly working at the behest of the North Korean regime.

In 2017, North Korea was hit with sanctions directed at choking its economy. The UN had issued these sanctions as the isolated regime continued to carry out nuclear tests and launched 23 missiles. A South Korean government official in October 2017 also accused North Korea of breaching South Korean systems and stealing sensitive military secrets.

North Korea has yet to respond to the allegations laid out by the US administration.


Our assessment is that if North Korea is behind the WannaCry attack, then it would be an indication of how the North Korean government has been able to sustain itself despite sanctions. This also indicates that the nature of war in the 21st century has completely changed. Nation states no longer have to carry out sustained military campaigns in order to inflict damage on enemy states. The WannaCry attack hit more than 300,000 computers in 150 nations, causing billions of dollars of damage. Governments and law enforcement agencies must prepare for a new reality where cyberattacks pose a threat not only to individuals but also to the sovereignty of nations.