Reported by The Sun, Symantec and Kaspersky said technical guidance about the origin of WannaCry, directing them to a group of hackers who have links with North Korea, namely Lazarus. The group is believed to be involved in a series of hacking actions since 2009, including Sony Pictures Entertainment in 2014.
According to Kaspersky and Symantec, the technical details in the early versions of the WannaCry code, similar to the code used by a backdoor in 2015, made by Lazarus.
They are also known to use and target Bitcoin in their hacking activities. This equation was first recognized by security researchers Google, Neal Mehta, and voiced by other researchers including Matthieu Suiche from Gomae Technologies.
The similarity of the code does not mean the same group of hackers responsible. It could be a different group to reuse Lazarus backdoor code to complicate the identification process of the offender.
But the code in question seems to have been removed from the latest version of WannaCry, so according to Kaspersky, Lazarus' alleged involvement is strong enough.
Researchers from Kaspersky believe their research results can solve the WannaCry mystery. "We believe this may be the key to solving some of the mystery of this attack, it is important to note that other researchers around the world are investigating this equation and trying to find more facts about WannaCry's origin," Kaspersky researchers said in the statement.
Terror ransomware WannaCry has drawn attention since last weekend. According to data obtained yesterday (15/05/2017), malware has spread to 150 countries, including Indonesia. At least 200 thousand computer users have become victims and this figure is reported to increase.
For in Indonesia, the Hospital (Hospital) Dharmais, is one of the victims. Director of Dharmais Hospital, Abdul Kadi, admitted 60 out of 600 computers in RS Dharmais were exposed to WannaCry attacks. However, he ensures Dharmais hospital service system, including operation, is not neglected.