WannaCry Ransomware: NSA, NCSC Reportedly Linked Computer Worm to North Korea

Symantec/Handout via ReutersA screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S.

The National Security Agency has raised the possible involvement of the North Korean regime with the WannaCry ransomware. The computer malware has infected more than 300,000 computers in countries around the world, according to reports.

An internal report points to the North Korean agency called the Reconnaissance General Bureau as the origin of the computer worm, according to sources as reported by the Washington Post.

The report detailed the analysis of techniques and targets associated with the WannaCry ransomware and has determined, with "moderate confidence," that the malware originates from the reclusive country, as claimed by an insider familiar with the internal assessment.

While the analysis did not make a strong conclusion about the involvement of the North Korean government, most of the evidence gathered during the spread of the ransomware suggests that conclusion. Among these pieces of evidence is the range of Internet Protocol (IP) addresses, most of which are based in China, which has been historically used by North Korea's RGB.

Meanwhile, Britain's National Cyber Security Center (NCSC) has also been mentioned as having attributed the ransomware to North Korea, as well. The British cyber-attack authority has reportedly identified the North Korean hackers who created WannaCry as the Lazarus Group.

The British security center would neither confirm nor deny these reports, according to the Guardian. An insider confirmed that the NCSC has concluded their assessment of the WannaCry worm in the past weeks as part of an international investigation into the malware.

The computer worm has affected the National Health Service of the United Kingdom, as well as other organizations worldwide.

Analysis of WannaCry's code by private companies such as SecureWorks also suggested ties to the North Korean Group. According to the cyber security company, an earlier version of WannaCry reportedly shared code with Brambul, an even earlier piece of malware.

"Brambul is uniquely associated with North Korean threat group Nickel Academy (AKA Lazarus group)," SecureWorks said, lending support to speculation that the notorious ransomware had its origins from within the reclusive regime.