In December 2017, the United States, United Kingdom and Australia formally asserted that North Korea was behind blognone bitcoin wallet attack. Much of the attention and comment around the event was occasioned by the fact that the U.
The attack began on Friday, 12 May 2017, with evidence pointing to an initial infection in Asia at 7:44am UTC. Organizations that had not installed Microsoft’s security update from April 2017 were affected by the attack. Experts quickly advised affected users against paying the ransom due to no reports of people getting their data back after payment and as high revenues would encourage more of such campaigns. The day after the initial attack in May, Microsoft released emergency security patches for Windows 7 and Windows 8.
Researcher Marcus Hutchins accidentally discovered the kill switch domain hardcoded in the malware. Within four days of the initial outbreak, new infections had slowed to a trickle due to these responses. Linguistic analysis of the ransom notes indicated the authors were likely fluent in Chinese and proficient in English, as the versions of the notes in those languages were probably human-written while the rest seemed to be machine-translated. North Korea, however, denied being responsible for the cyberattack. The ransomware campaign was unprecedented in scale according to Europol, which estimates that around 200,000 computers were infected across 150 countries. Nissan Motor Manufacturing UK in Tyne and Wear, England, halted production after the ransomware infected some of their systems.
Renault also stopped production at several sites in an attempt to stop the spread of the ransomware. 4 billion, with other groups estimating the losses to be in the hundreds of millions. The United States Congress will also hold a hearing on the attack on June 15. Two subpanels of the House Science Committee will hear the testimonies from various individuals working in the government and non-governmental sector about how the US can improve its protection mechanisms for its systems against similar attacks in the future.