DOJ indicts hackers suspected of creating WannaCry ransomware: 5 things to know

The U.S. Department of Justice indicted the hackers allegedly behind the creation of WannaCry, a ransomware that hit organizations across the globe in May 2017 including the U.K.'s national healthcare system, according to a Feb. 17 DOJ news release.

Five things to know:

1. In May 2017, WannaCry was part of a targeted worldwide attack on computers running Microsoft Windows. An estimated 300,000 organizations were affected by the ransomware, including at least 16 of the U.K. National Health Service's facilities and several of Bayer's medical devices used in U.S. hospitals.

2. The ransomware variant works by exploiting a vulnerability discovered and developed by the U.S. National Security Agency; Microsoft created a patch for the vulnerability, but many organizations, including hospitals, had not appropriately updated their systems by the time of the attack.

3. Three North Korean computer programmers were allegedly behind the WannaCry attacks as members of the country's Reconnaissance General Bureau, a military intelligence agency that engages in criminal hacking, according to the federal indictment unsealed Feb. 17.

4. In addition to WannaCry, the three hackers, Jon Chang Hyok, Kim Il and Park Jin Hyok, allegedly orchestrated a 2014 cyberattack on Sony Pictures Entertainment, numerous global banking hacks between 2015 and 2019, ATM schemes and multiple spear-phishing campaigns on government employees.

5. The three hackers are charged with one count of conspiracy to commit computer fraud and abuse, which entails a maximum sentence of five years in prison, and one count of conspiracy to commit wire and bank fraud, which carries a maximum sentence of 30 years in prison, according to the DOJ.

"This case is a particularly striking example of the growing alliance between officials within some national governments and highly sophisticated cyber-criminals," said U.S. Secret Service Assistant Director Michael D'Ambrosio. "The individuals indicted today committed a truly unprecedented range of financial and cyber-crimes. … With victims strewn across the globe, this case shows yet again that the challenge of cybercrime is, and will continue to be, a struggle that can only be won through partnerships, perseverance and a relentless focus on holding criminals accountable."

More articles on cybersecurity:
Hacker infiltrates Iowa medical group's computer system; 34,000 patients' info exposed
15,600 patients' health info exposed in ransomware attack on California health center
North Korea tried to hack Pfizer for COVID-19 vaccine data: BBC

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Featured Whitepapers

Featured Webinars