NORTH Korea carried out the crippling NHS cyber attack last month, British security officials claim.
It’s thought hackers from a group named Lazarus launched the unprecedented global attack in May – two years after apparently targeting Sony Pictures, according to the BBC.
It hit more than 200,000 victims including a fifth of NHS trusts as hackers demanded a ransom payment.
Following an international investigation by Britain’s National Cyber Security Centre, officials claim it was carried out by North Korea.
Adrian Nish, who leads the cyber threat intelligence team at BAE, saw overlaps with previous code developed by the Lazarus group.
MOST READ IN NEWS
‘How many children died?’
Sadiq Khan is confronted by seven-year-old boy as furious locals demand answers about who’s to blame for tower blaze
hero of grenfell tower
Hero neighbour catches four-year-old girl thrown by mum from the 5th floor seconds before flat was engulfed in flames
LIAR HIGH CLUB
Man filmed romping with woman in front of passengers on Ryanair flight was ‘cheating on his pregnant fiancée who was waiting at home’
‘I LOVE YOU MUM’
Italian couple’s heartbreaking final phone call as fire crept into their home on 23rd floor – as hopes fade for Grenfell Tower missing
‘i knew so many of the dead’
Owner of Grenfell Tower flat where fire started tells of agony with fears death toll will pass 100
‘turning on taps saved us’
Family made miraculous escape from tower block after mum used bath to flood flat
He said: “It seems to tie back to the same code-base and the same authors.
“The code-overlaps are significant.”
The NHS is thought to be one of the first victims of the attack, which started in the UK and Spain before spreading around the world.
Seven of the 47 NHS England trusts that were hit — a fifth of the service — are still seriously affected, while 13 trusts in Scotland also suffered.
Staff were forced to cancel or postpone operations and appointments as several hospitals and GPs surgeries were crippled by the hack.
At the time government security minister Ben Wallace said a virus delivered from a single email was the “most likely form of delivery” for the cyber attack.
It seems to tie back to the same code-base and the same authors.
Adrian Nishleads the cyber threat intelligence team at BAE
“These type of ransomwares are usually effectively disguised”, he said.
“They come in on what looks like a routine email from a friend or somebody else.”
He added that the ransomware, named WannaCry, is specifically designed to target some Windows operating systems.
“That meant that it spread incredibly quickly across any organisation that has a large network”, he said.
“Of course, the NHS has a very large network where the computers are on all the time, allowing it to get that momentum.”
Ransomware attacks infect computers, blocking access to files and demanding a $300 (£230) payment to unlock them again.
Expert James Scott told The Sun: “They knew they were a target.”
Do you have a story for The Sun Online news team? Email us at tips@the-sun.co.uk or call 0207 782 4368