The WannaCry ransomware attack which affected hospitals in the United Kingdom and medical devices in the U.S. was the work of hackers in North Korea, according to Homeland Security adviser Tom Bossert.
The National Security Agency had linked the attack to North Korea soon after it occurred, affecting hundreds of thousands of devices across 150 countries. In a briefing at the White House on Dec. 19, Bossert said they “now have the evidence to support this assertion,” finding a “concerted effort” behind the attack which the U.S. believes was directed by the North Korean government.
“The consequences and repercussions of WannaCry were beyond economic,” he wrote in an opinion piece published by the Wall Street Journal. "The malicious software hit computers in the U.K.'s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk.”
The virus was spread by exploiting a security vulnerability in older versions of Microsoft’s Windows operating system, which has later traced back to a stolen NSA cyber tool. Many British hospitals which were affected hadn’t applied a March security patch which covered this vulnerability or were using much older operating systems, such as the 16-year-old Windows XP. In the U.S., the impact was more limited, as the virus was only reported to have infected some Bayer and Siemens medical devices.
Bossert said future attacks can be mitigated by private sector organizations, including those in healthcare, alerting government agencies when they receive phishing emails or other signs of a cyberattack.
“We want them to increase our sharing of information with us, and then as we move forward and become more sophisticated in this administration, we’re going to ask them to look into sharing more technical information on how they’re architected and where their exposure points are,” he said.