Symantec and Kaspersky are investigating whether hackers from the Lazarus Group were responsible for infecting an estimated 300,000 machines in 150 countries.
The same group is believed to be behind the 2014 hack of Sony Pictures, and is also suspected of previous attacks on the global financial system.
Kaspersky researchers said: “The group has been very active since 2011.”
Their enquiries came as the White House said that paying ransom money to unlock files encrypted by the global cyberattack does not work.
Homeland security adviser Tom Bossett told reporters he is not aware of a case where transferring $300 (£232) in Bitcoin – the amount demanded from victims of last week’s attack – has “led to any data recovery”.
President Trump’s administration estimates that less than $70,000 (£54,285) has been paid to the criminals behind the ransomware so far.
During a White House briefing, Mr Bossert said no federal systems in the US had been affected by the malicious software, known as WannaCry.
Image:This message demanding money appeared on victims’ screens
He told reporters that he had spoken with his British counterparts, who said they now had a “feeling of control” after the attack struck 47 NHS organisations.
Security experts are monitoring the Bitcoin accounts used to collect the ransom payments. Although the account holders can remain anonymous, clues can often emerge when the money is converted back into real-world currency.
In its latest update on the cyberattack, Europol said it was the “largest ransomware attack observed in history”.
Russia has denied it had anything to do with the cyberattack, with President Vladimir Putin describing it as payback for the US intelligence services.
His remarks came after Microsoft’s chief legal officer Brad Smith said the US National Security Agency had developed the original code used in the attack, which was later leaked in a document dump.
Mr Putin said during a trip to Beijing: “A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators.”
Meanwhile, the 22-year old computer expert who discovered the WannaCry’s hidden kill switch says he does not think of himself as a hero and was just “doing my bit to stop botnets”.
British born Marcus Hutchins, who is currently working in Los Angeles, stumbled on the solution by accident while analysing a sample of the malicious code, and then spent three days fighting the ransomeware worm.
Mr Hutchin’s manager at online security firm Kryptos Logic said he “not only saved the United States but also prevented further damage to the rest of the world”.
Sky News has learned that health trusts in England were sent details of a security patch last month that would have allowed them to protect themselves.
A spokesman for NHS Digital said: “Our understanding is that if that had been acted on it would have prevented (the malware attack).”
Microsoft said the attack was a “wake-up call” and identified “nation-state action and organised criminal action” as “the two most serious forms of cybersecurity threats in the world today”.
The company said it had released a security update back in March to protect Windows system computers against such attacks, but said many computers “remained unpatched globally”.
source: news.sky.comRead Full Story