Enlarge (credit: Health Service Journal)
Researchers have found more digital fingerprints tying this month's WCry ransomware worm to the same prolific hacking group that attacked Sony Pictures in 2014 and the Bangladesh Central Bank last year.
Last week, a researcher at Google identified identical code found in a WCry sample from February and an early 2015 version of Contopee, a malicious backdoor used by Lazarus Group, a hacking team that has been operating since at least 2011. Additional fingerprints linked Lazarus Group to hacks that wiped almost a terabyte's worth of data from Sony Pictures and siphoned a reported $81 million from the Bangladesh Central Bank last year. Researchers say Lazarus Group carries out hacks on behalf of North Korea.
On Monday, researchers from security firm Symantec presented additional evidence that further builds the case that WCry, which is also known as WannaCry, is closely linked to Lazarus Group. The evidence includes: