Dec. 19 (UPI) — The United States believes North Korea is responsible for the WannaCry cyberattack in May, White House homeland security adviser Thomas Bossert said Monday.
In an op-ed published in the Wall Street Journal, Bossert said other governments and private companies agree with the United States’ findings, stating the United Kingdom also attributes the attack to North Korea and Microsoft has traced the attack to cyber affiliates of the North Korean government.
“The U.S. today publicly attributes the massive ‘WannaCry’ cyberattack to North Korea,” Bossert wrote. “The attack was widespread and cost billions, and North Korea is directly responsible.”
The “ransomware” cyberattack targeted companies and governments in at least 150 countries beginning May 12, when the malware virus demanded $300 per computer to restore access after taking control of computer systems.
A report in June linked North Korea to the attack, stating the NSA made an assessment and with “moderate confidence” could say Pyongyang’s Reconnaissance General Bureau was behind the cyberattack that affected 300,000 computer users worldwide.
Bossert said North Korea’s “malicious behavior” has carried on for years and is growing more egregious.
“The consequences and repercussions of WannaCry were beyond economic,” Bossert said. “The malicious software hit computers in the U.K.’s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk.”
Bossert called for the private sector to do more to prevent such incidents and encouraged governments of the world to “continue to hold accountable those who harm or threaten us.”
He said President Donald Trump has “made his expectations clear” by ordering the modernization of government information-technology to enhance the security systemsand the sharing of software vulnerabilities with developers.
Bossert also touted the decision to ban Kaspersky Lab software in government computers, as well as charges against Chinese nationals and Iranian hackers for cyber crimes.
“When we must, the U.S. will act alone to impose costs and consequences for cyber malfeasance,” he said.