The U.S. government has publicly blamed North Korea for the May 2017 WannaCry ransomware attacks. The National Security Agency had previously said it had “moderate confidence” North Korea was behind the attack, and Trump adviser Thomas Bossert erased any remaining doubt in an op-ed piece published in the Wall Street Journal Monday evening.
While the op-ed was the first official acknowledgement by the U.S. government that the North Korean government sponsored WannaCry, others had voiced similar opinions in recent months. In October, Microsoft president Brad Smith said he had “great confidence” that Pyongyang was behind the attack, and an internal investigation by Britain’s National Cyber Security Centre came to the same conclusion.
The WannaCry ransomware attack was noteworthy for several reasons.
For one, the scale of the attack was enormous. Secondly, it didn’t just encrypt data and corrupt files — it endangered lives by paralyzing Britain’s hospitals. And lastly, the code that made the attack so widespread was written by the NSA itself.
The exact extent of the WannaCry attack remains unclear. Experts estimate that between 200,000 and 300,000 devices were infected across more than 150 countries. Damages cannot be calculated precisely but were certainly in the billions of dollars.
Perhaps the most prominent and concerning victim of the ransomware was Britain’s National Health Service which had to cancel thousands of appointments and operations due to WannaCry. No patient deaths have been definitively linked to these rescheduled events, but the lack of preparedness by one of Britain’s most revered institutions was alarming.
In the op-ed, Bossert did not address the fact that WannaCry used a vulnerability discovered and kept secret by the NSA. Only when hackers stole and publicly released the tool (called Eternal Blue) did the NSA alert Microsoft of the security flaw.
This powerful tool helped WannaCry spread laterally through networks, grinding many businesses to a halt. Microsoft later chided government agencies for stockpiling vulnerabilities and even called out the NSA and CIA specifically.
Bossert’s article touted upgrades to America’s cyber security by the Trump administration.
Bossert mentioned the controversial decision to ban anti-virus products from Kaspersky Lab on government computers. He also boasted that the administration shares “almost all the vulnerabilities” they find with developers (conspicuously omitting any reference to Eternal Blue).
The piece ended with a rallying call for allies and the private sector to counter cyber attacks. By publicly attributing the attacks — which disrupted business in the vast majority of countries — to the rogue nation, the administration likely hopes to build a stronger case for further sanctions and cooperative action against the North Korean government. Whether China and Russia (who can veto any new United Nations sanctions) will be convinced remains to be seen.