Published on May 24th, 2017 | by admin
Symantec investigation into WannaCry / Lazarus link
Following last week’s global WannaCry ransomware outbreak, Symantec has monitored and conducted a thorough investigation into the tools and infrastructure used in the WannaCry ransomware attacks, finding similarities and markers in the ransomware code that indicate a connection to the Lazarus group.
The Lazarus group was responsible for the destructive attacks on Sony Pictures and the theft of US$81 million from the Bangladesh Central Bank.
The first evidence Symantec has seen of WannaCry being used was on February 10, when a single organisation was compromised. Within two minutes of the initial infection, more than 100 computers in the organisation were infected. A second iteration of the ransomware began on March 27, before going global on May 12.
Details of the comparison between the tools used to spread WannaCry and those Lazarus is known for can be found here: https://www.symantec.com/connect/blogs/wannacry-ransomware-attacks-show-strong-links-lazarus-group