>> The ongoing global cyber attack may have some North Korean fingerprints. The WannaCry ransomware worms spread like wildfire beginning last week, locking down computers unless you pay attackers to get back your data. But on Monday, leading cyber security researchers say they've found some familiar code in the virus seen in the alleged attacks by a Lazarus group, believed to be a North Korean run hacking operation.
It's the best clue, so far, as to where the worm may have come from. Reuters' Jeremy Wagstaff reports on what we know about the shadowy figures.>> They may not be North Korean. They may not be based in North Korea. But there is evidence according to these researchers of links between this group and the North Korean regime.
What do they do for North Korea? Well, they allegedly have been behind a number of attacks. They've been behind the attack on Sony Pictures when a movie was stolen and large amounts of data was stolen. They're also believed by some to be behind the SWIFT attacks, Bank Bangladesh and others, where about 80 million dollars was stolen via the SWIFT messaging system.
>> At its peak last week, the virus hit 9,000 computers per hour. Experts were impressed at how fast it surged around the globe, but the motive behind WannaCry is still unclear, especially since it hasn't made much money.>> They've probably made about $60,000 so far in terms of people paying up to have that data decrypted.
That sounds like a lot of money but it's not. Usually ransomware attackers will be talking in millions, maybe tens of millions of dollars for a successful attack. The other thing is that although the malware spread virulently throughout the world, we're not seeing evidence of stock exchanges, utilities, companies, governments, collapsing under the weight of this infection.
>> Microsoft says the attack made use of a hacking tool built by America's NSA that leaked online last month. That's poured fuel on the political fire. On Monday, President Trump's Homeland Security Chief tried to distant the agency from blame saying the tool was never meant to hold data ransom.