×

UK government: North Korea was behind the WannaCry cyber-attack that crippled health service

  • "North Korea was the state we believe was involved in this worldwide attack on our systems," U.K. Security Minister Ben Wallace said Friday
  • Britain's National Audit Office (NAO) said that the attack in May was "relatively unsophisticated" and "could have been prevented"
A patient appointment letter from a London NHS hospital, next to a virus and spyware warning message on a laptop screen at a home in London, following a major cyber attack on NHS computer systems.
Yui Mok | PA Images | Getty Images
A patient appointment letter from a London NHS hospital, next to a virus and spyware warning message on a laptop screen at a home in London, following a major cyber attack on NHS computer systems.

North Korea was behind a cyber-attack that derailed Britain's state-owned health service's IT systems, the U.K. government said Friday.

"I think we should perhaps remember that this attack, we believe quite strongly, that this came from a foreign state," U.K. Security Minister Ben Wallace told the BBC.

Asked which foreign state he believed was involved, Wallace said: "North Korea was the state we believe was involved in this worldwide attack on our systems."

Malicious software called "WannaCry" targeted a number of businesses, government entities and the U.K.'s National Health Service (NHS) earlier this year. A form of "ransomware", the software blocked access to a user's computer until a sum of money was paid to the attacker.

Asked how sure he was that North Korea was the actor behind the cyber-attack, Wallace said: "We can be sure as possible. I can't obviously go into the detail of intelligence, but it is widely believed in the (intelligence) community and across a number of countries that North Korea had taken this role."

Wallace called on Western nations to develop a "doctrine of deterrent," similar to nuclear deterrent strategy, to prevent further cyber-attacks.

"On a weekly basis, our systems are under attack from serious organized criminals using malware from abroad or even at home," he said.

"But also, unfortunately, a number of foreign states engage in the practice of collecting information from our businesses, or indeed launching some form of state-sponsored criminal attack."

Attack 'could have been prevented'

Britain's National Audit Office (NAO) published findings of an investigation into the attack Friday.

Amyas Morse, head of the NAO, said the attack in May was "relatively unsophisticated" and "could have been prevented" using "basic IT security best practice."

It said the NHS and the U.K.'s Department of Health should "get their act together" to avoid future attacks.

One key finding of the NAO's research was that the department had been warned about the risk of a cyber-attack hitting the NHS a year prior to the breach.

At least 81 out of 236 (34 percent) of NHS regional trusts were disrupted by the attack, the NAO said.

Is North Korea to blame for cyber-attacks?

The British government would not be alone in its view that North Korea was to blame for the cyber breach.

Following the WannaCry attack, Microsoft President Brad Smith said that the country was responsible.

"I think, at this point, that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States," the executive told U.K. broadcaster ITV earlier this month.

In September, a study by cybersecurity firm FireEye claimed that North Korea had been involved in state-sponsored cyber attacks to steal the virtual currency bitcoin, although these were not connected to the WannaCry attack.

In August, it was revealed that hackers got away with $143,000 in bitcoin relating to ransoms paid from the May WannaCry attack.

It is believed North Korea had been attempting to raise cash in order to cope with international trade sanctions.