MOSCOW(Sputnik) – On May 12, the Kaspersky Lab cybersecurity company registered about 45,000 ransomware attacks in 74 countries worldwide. On Sunday, Europol Executive Director Rob Wainwright said that as the malware, dubbed WannaCry, continued to spread over the weekend, 200,000 users in 150 countries had been affected.
"In this specific case the security expert has found a specific partial code inside one of the earlier versions of WannaCry … linked to the one that has been used by the Lazarus Group," Paganini told Sputnik, explaining that the origin of a cyberattack is always the most difficult task for any security expert and that the partial code similarity is not enough to pinpoint the group that carried out the attacks.
According to Paganini, the WannaCry hackers could have intentionally used a code similar to the one linked to Lazarus Group in order to emulate its behavior and cover up their tracks.
"You will not be sure," the cybersecurity expert emphasized, adding that the only thing that can be established with certainty is code similarity, which, in this case, suggests that the hackers have been changing their tactics and have hidden any kind of evidence that could link to their operation.
Motivation
Asked whether North Korea could be behind the attacks, Paganini told Sputnik that one can never say for sure, but that it is unlikely that the hackers wanted ransom.
"I don't believe that the attackers in this specific case were interested in making money with this kind of attack," the expert said, adding that the fact that the malware has a "kill switch" sounds like someone who is telling everyone "I can hit anyone in the world."
Paganini explained that most people are now aware that in case of such attacks the best option is to never pay ransom, so it is likely that the actors behind WannaCry had a different motivation, likely a political one.
"I believe that someone is telling to the government, is passing a specific message: ‘Hey guy, I am able to do this.’ And if the actor behind the attack is … a government, the message is ‘Hey guy, I can paralyze the system worldwide,’" Paganini told Sputnik.
According to the Czech Avast Software security company, Russia, Taiwan, Ukraine and India were most affected by the WannaCry malware.
South Korean media reported on Wednesday, citing the Korea Internet and Security Agency (KISA), that over a dozen South Korean companies had suffered as a result of the WannaCry attacks.
"The results that we have already suffered during the weekend are just related to the use of well-known vulnerabilities. In case the attackers used … some vulnerabilities that are unknown to the security community the damages could be very dramatic," Paganini told Sputnik.
EU institutions have not been affected by the cyberattacks, European Commission spokesman Margaritis Schinas said on Monday.
US government computer systems have not been affected by the WannaCry ransomware either, US President Donald Trump's Homeland Security Advisor Tom Bossert said at a press briefing on Monday.
Means of Protection
Paganini recommended that users keep their software updated, create a backup copy of all data and install all the necessary anti-virus software in order to protect their devices from cyberattacks.
Asked about the Lazarus Group, which could be behind the most recent ransomware attacks, the expert said that "numerous companies and security firms have investigated the activity of the group" and that it is believed to have been active since 2007.
"It’s for sure a politically-motivated group," Paganini told Sputnik, adding that Lazarus hackers have carried out attacks against governments, bank systems and pirate companies and that the group is "one of the most active" and is "well-funded."
According to the Times newspaper, the attackers may have already received over $42,000 from the affected users.