US & World

US says North Korea 'directly responsible' for 'WannaCry' ransomware attack

White House Homeland security adviser Tom Bossert speaks during the daily news briefing at the White House, in Washington, in September.
White House Homeland security adviser Tom Bossert speaks during the daily news briefing at the White House, in Washington, in September.
Carolyn Kaster/AP

The White House has publicly blamed North Korea for a ransomware attack in May that locked more than 300,000 computers in 150 countries.

In an opinion piece published in The Wall Street Journal on Monday, Homeland security adviser Tom Bossert writes that after careful investigation, Washington can say that Pyongyang is "directly responsible" for the WannaCry virus.

Bossert called the attack in which victims received ransom demands to unlock their computers "cowardly, costly and careless."

"The consequences and repercussions of WannaCry were beyond economic," he wrote. "The malicious software hit computers in the U.K.'s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk."

Bossert is expected to brief reporters on Tuesday about the hacking.

NPR's Elise Hu tells Morning Edition that "cyberattacks are a way for North Korea to punch above its weight" and that Pyonyang's hackers "have access to global networks and the internet, and they have some real successes to count."

Within days of the attack in May, North Korea fell under suspicion. As NPR's Bill Chappell reported at the time, WannaCry was found to have "lines of code that are identical to work by hackers known as the Lazarus Group, [which has] ... been linked to North Korea, raising suspicions that the nation could be responsible."

And in October, Britain's Minister of State for Security Ben Wallace said his government was "as sure as possible" that Pyongyang launched the attack.

Bossert said that President Trump had "ordered the modernization of government information-technology to enhance the security of the systems we run on behalf of the American people."

"We also indicted Russian hackers and a Canadian acting in concert with them. A few weeks ago, we charged three Chinese nationals for hacking, theft of trade secrets and identity theft. There will almost certainly be more indictments to come," he wrote.

He said that the administration would continue to use its "maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."

The Associated Press writes:

The WannaCry ransomware exploited a vulnerability in mostly older versions of Microsoft's Windows operating system. Affected computers had generally not been patched with security fixes that would have blocked the attack.

Security experts, however, traced the exploitation of that weakness back to the U.S. National Security Agency; it was part of a cache of stolen NSA cyberweapons publicly.

At least one attack by the Shadow Brokers on the NSA came to light in August 2016, when it put code it said was stolen from the agency up for auction.

Copyright 2017 NPR. To see more, visit