Cyberattack: NK’s new cash source?
Speculation is rising that North Korea is using cyberattacks to earn cash amid tightened international sanctions against the isolated country.
U.S. Homeland Security Advisor Tom Bossert said Monday that less than $70,000 has been paid to hackers in the form of bitcoins in connection with an ongoing ransomware attack.
The ransomware, dubbed WannaCry, had infected more than 300,000 computers in about 150 countries, Bossert said.
It can encrypt all files on a Windows PC and submit a demand for $300 worth of bitcoins, an untraceable digital currency widely used online, to unlock the user’s data.
North Korea has been suspected of being behind the cyberattacks as security experts suggested a link between the WannaCry ransomware and a North Korean-run hacking operation.
Google researcher Neel Mehta and the Moscow-based Kaspersky Lab earlier claimed the code used in the ransomware shares many similarities to code used by the Lazarus hacking group, believed to be connected to Pyongyang.
The Lazarus group has reportedly been engaged in past cyberattacks including the targeting of Sony Pictures in 2014 and the central bank of Bangladesh in 2016.
Analysts say that signs of North Korea engaging in ransomware attacks have been detected in recent years, raising the possibility they may be a means to earn foreign currency.
“I saw signs last year that the North was preparing ransomware attacks or are even already beginning to do so, targeting some South Korean companies,” Simon Choi, director of the Seoul-based internet security firm Hauri, told AFP.
Noting that the North has been mining the digital currency using malware since as early as 2013, he cited a major attack last year that stole the data of over 10 million users of Interpark, a Korean online shopping site, in which hackers demanded about $3 million in bitcoins.
Kim Seung-joo, who teaches cyber defense at Korea University, agreed saying, “It is speculated that North Korea has gained foreign currency through ransomware schemes.”
“In 2014, ransomware cases were about 320 but in 2016 they soared to over 600 million, which implies hackers now know it is a moneymaker.”
Some were more cautious linking the isolated country to the recent cyberattacks, but they said circumstantial evidence was too strong to ignore.
“It might take longer to look into the attacks but it will be hard to figure out the direct perpetrator,” said Yang Wook, a senior researcher at the Korea Defense and Security Forum.
“Considering North Korea’s current situation, it is easy to assume the country is desperate enough to find a way to make money, even through illegal means.”
The U.N. has aimed to cut North Korean exports in half by limiting its sales of coal and other minerals, a key source of hard currency.
“It’s natural for North Korea to bank on the ransomware with plenty of personnel trained for cyberwarfare, not to mention it is an easy tool to earn foreign currency with,” said Shin In-kyun, president of the Korea Defense Network, referring to an army of thousands of hackers operating in both North Korea and China.