North Korea Responsible For 'WannaCry' Ransomware Attack, U.S. Says

Dec 19, 2017
Originally published on December 19, 2017 8:43 am
Copyright 2018 NPR. To see more, visit


Computers in some 150 countries across the world were hit this May by a crippling cyberattack. The malware was called WannaCry, and the White House now says North Korea was behind it. NPR's Elise Hu covers the Koreas for us, and she joins us now from Seoul. Elise, good morning.

ELISE HU, BYLINE: Good morning.

GREENE: Can you just take us back to May and remind us about the effect that WannaCry had on all these computers?

HU: Yeah, so WannaCry was a ransomware attack. Ransomware works by locking you out of your computer system and your data and holding it hostage until you turn over money. The WannaCry attack exploited a flaw in old Windows operating systems. And it hit computers across Europe, the U.S., India, Brazil, Russia, China - dozens of other countries. Some 300,000 computers were hit. And in the U.K., the National Health Service was hit, which actually brought hospitals temporarily to a standstill.

GREENE: So this was huge, and it is no small thing that the White House is now saying that North Korea was directly responsible. Are they certain of that?

HU: Well, the White House homeland security adviser is essentially confirming what the National Security Agency, the NSA, found earlier, and that was reported over the summer. Additional evidence is coming from foreign governments, the United Kingdom for example, and private companies and corporations that were hit. So they are fairly certain that a North Korean group known as the Lazarus Group was behind the attack.

GREENE: Can you help me understand a bit about North Korea? I mean, we always talk about this as one of the poorest countries in the world where if - on average, a North Korean is earning, like, a thousand dollars a year, and yet hackers potentially working for the government, I mean, can do something this sophisticated.

HU: Yeah, yeah. Well, you know, people in national security often remind us that some of the most pernicious kinds of battles between different states now, different countries, won't be fought with traditional arms, right? Cyberattacks are the way for North Korea to essentially punch above its weight. North Korea's government has sponsored hackers. Those hackers have trained in China. They have access to global networks, and they have some real successes to count over the last few years.

GREENE: Like what? What would you call success?

HU: They really put themselves on the map in 2013 by crippling South Korean banks and broadcasters, stopping South Korean ATMs from working, freezing payment systems. Then you'll recall the 2014 attack on Sony Pictures in which the North Koreans were trying to block the release of that film that was satirizing Kim Jong Un. Lately...

GREENE: "The Interview," right?

HU: That's right, "The Interview." And lately, instead of stealing information, hackers have really focused on stealing money. North Korean hackers are linked to a cyber heist of some $81 million from a Bangladeshi bank last year. This WannaCry ransom attack really forced people to pay ransoms even though they didn't get their data back. And now South Korea suspects its bitcoin exchanges have also been targeted by North Korea. You know that Bitcoin obviously is worth a lot of money right now. And so one South Korean bitcoin exchange lost the equivalent of some $15 million worth of bitcoin this year. And security firms suspect - who guessed it - North Korea.

GREENE: And I guess one question is what the U.S. government, now that they're blaming North Korea, can actually do about this.

HU: Well, it's not clear if the White House is going to press for further sanctions, but the White House is using this as a call for greater cooperation with other governments in helping stop cyberattacks.

GREENE: All right. That is NPR's Elise Hu, who is based in Seoul. Thanks a lot, Elise. We appreciate it.

HU: You bet. Transcript provided by NPR, Copyright NPR.