The U.S. blamed North Korea for the WannaCry ransomware attack that affected hundreds of thousands of computers globally this year, offering further justification for the White House’s campaign to step up international pressure on the regime.
“After careful investigation, the United States is publicly attributing the massive WannaCry cyberattack to North Korea,” White House homeland security adviser Tom Bossert told reporters Tuesday. “We do not make this allegation lightly. We do so with evidence, and we do so with partners.”
WannaCry crippled parts of the U.K.’s state-run National Health Service and compromised companies such as FedEx Corp. and Nissan Motor Co.
After WannaCry began infecting computers powered by Microsoft Corp.’s Windows via the internet on May 12, users had 72 hours to pay $300 in bitcoin, or pay twice as much. Paying didn’t unlock their computers, Bossert wrote in a Wall Street Journal op-ed that was published Monday.
“It was cowardly, costly and careless,” he wrote. “The attack was widespread and cost billions, and North Korea is directly responsible.”
While calling the public attribution an initial step in holding North Korea accountable, Bossert said President Donald Trump had already exhausted many of the tools available for punishing the regime in Pyongyang as he seeks to halt its nuclear weapons and ballistic missile programs.
“North Korea has done everything wrong as an actor on the global stage that a country can do,” he told reporters Tuesday during a White House briefing. “President Trump has used just about every lever that you can use short of starving the people of North Korea to death to change their behavior. And so we don’t have a lot of room left here to apply pressure to change their behavior.”
Bossert called on governments and companies around the world to cooperate to mitigate cyber risk, and said the U.S. would lead the effort. Microsoft, Facebook and other companies worked to disrupt the attack and moved last week to disable North Korean accounts that were being used for cyber attacks, Bossert said.
Jeanette Manfra, assistant secretary of homeland security for cybersecurity and communication, said that the companies should take additional steps to collaborate with the government to defend against cyber attacks..
“We make it way to easy for attackers by operating independently,” she told reporters. “Our adversaries are not distinguishing between public and private so neither should we. government and industry must work together, now more than ever, if we are serious about improving our collective defense.”
North Korea has been developing cyber capabilities as trade sanctions and a debilitated domestic economy make it difficult to invest in conventional military capabilities, said Tom Uren, a visiting fellow at the Australian Strategic Policy Institute’s International Cyber Policy Centre.
“Having a formal report gives more weight to negotiations when the U.S. approaches China, or Russia or anywhere else that might be providing North Korea with internet services,” Uren said. “It gives them something else to bring to the table.”
The U.K. government in October blamed North Korea for the attack on the NHS. Kim Jong Un’s regime denied any connection. Until now, the U.S. hadn’t publicly named Pyongyang as being behind the attack. In addition to the U.K., Australia, Canada and Japan are among countries that agree with the U.S. analysis, Bossert said.
Bossert said that because the ransomware attack requested payment in cryptocurrency, it was difficult to assess how successful it was in raising funds.
While North Korea allows internet access to only a small portion of its population, it began to train its techno soldiers in the early 1990s, according to South Korea’s Defense Security Command. The country probably employs 1,700 state-sponsored hackers, backed by more than 5,000 support staff, according to ASPI.
North Korea has grown increasingly adept at breaking into computer systems around the world for financial gain and strategic benefit. This year, the regime’s cyber warriors have been linked to stolen U.S.-South Korean military plans and the alleged theft of $60 million from a Taiwan bank.
The hackers drew international headlines in 2014 when they allegedly broke into Sony Corp.’s movie business as it was preparing to release “The Interview,” a Seth Rogen and James Franco comedy about meeting the North Korean leader.