SECURITY researchers have found a link between the crippling WannaCry ransomware and North Korean hackers.

Symantec Corp and Kaspersky Lab have identified similarities in the code used to create WannaCry and programs written by the North Korean hacking group known as Lazarus responsible for a string of cyber attacks including the high-profile Sony attack in the wake of the Seth Rogen and James Franco comedy The Interview and a string of attacks launched on banks in 18 countries last month.

Google threat intelligence researcher Neel Mehta was the first to identify the clue.

The Global Research and Analysis Team at Kaspersky Lab have posted screen shots of two programs side-by-side in a blog post discussing the possible link.

The researchers admit the similarities could just be a case of one hacker copying and pasting another's code, or even a false flag left to mislead investigators.

But they note the evidence is compelling enough to continue investigations following this lead.

"We believe this might hold the key to solve some of the mysteries around this attack," the researchers say.

"One thing is for sure - Neel Mehta's discovery is the most significant clue to date regarding the origins of WannaCry."

So far, 230 people have paid the Bitcoin ransom, totalling more than $82,000. Security researchers have advised people hit by WannaCry not to pay the ransom because there is no evidence that the hackers will unlock the files.

The WannaCry ransomware spread across the globe on the weekend, with the malicious program encrypting people's computer files and demanding a ransom of $405 in bitcoin.

The code used a tool leaded from the National Security Agency and patched by Microsoft months ago.

But because so many companies fail to update their software, thousands were caught up in the attack.

Companies fell victim to the WannaCry attack after ignoring Microsoft Windows software updates available since March 14, or failing to upgrade the 16-year-old operating system Windows XP, which the company stopped supporting three years ago.

One in 15 computers still uses Windows XP globally.

The list of WannaCry victims ranged from hospitals across the United Kingdom and India to a Renault car factory in France that was forced to shut down.

A second-wave outbreak of the virus failed to materialise when users returned to their offices on Monday morning, however a security expert has warned it's still possible.

Lynne Owens, director-general of Britain's National Crime Agency, said there was no indication of a second surge in the cyberattack but warned, "That doesn't mean there won't be one," according to Fox News.


Twelve Australian businesses have now been affected by the 'WannaCry or WannaCrypt' ransomware.

Cyber Security Minister Dan Tehan confirmed the number of businesses reported being impacted by the ransomware attack had grown overnight.

The Minister again urged small businesses to take urgent action to update their cyber security in the wake of a global ransomware attack.

Australia's critical infrastructure and government agencies remain unaffected by the hack.

News Corp Australia

‘Sweet read’ inspired by Cotswolds, Persian love cake

premium_icon ‘Sweet read’ inspired by Cotswolds, Persian love cake

From spending time with the locals in England, to perfecting Ekka award-wining...

Out of India lockdown: Back to business in Noosa

premium_icon Out of India lockdown: Back to business in Noosa

Dui Cameron feels like she has a new lease on life after finally freeing herself...

$1b a month windfall as locals spend big

premium_icon $1b a month windfall as locals spend big

Queenslanders could spend up to $1b a month on tourism as travel reopens