White House Claims North Korea Spread WannaCry

The global cyberattack infected computers in hospitals and elsewhere, costing billions of dollars, in May.

North Korea is responsible for the crippling WannaCry ransomware attacks that spread across the world this past spring, locking up hundreds of thousands of computers in healthcare and beyond, according to the White House.

Thomas P. Bossert, JD, an assistant for homeland security and counterterrorism to President Donald Trump broke the news today in a column published in the Wall Street Journal. The announcement seems to have validated long-reported suspicions and echoed an accusation leveled by the United Kingdom.

“It was cowardly, costly, and careless,” Bossert wrote. “The attack was widespread and cost billions, and North Korea is directly responsible.”

WannaCry jetted across the internet in May 2017, holding computers and data hostage as hackers demanded money to free the information and equipment. The cyberattack hit the UK’s healthcare system especially hard, with 81 hospitals falling prey, leading to thousands of canceled appointments. Since then, new strains of the ransomware have cropped up, notably in FirstHealth of the Carolinas, a not-for-profit hospital system serving 15 counties.

In today’s column, Bossert said North Korea did not unlock the computers of victims who paid the ransom. What’s more, he added, the attack risked lives as it slithered through the healthcare sector.

In response, Trump ordered the “modernization of government information-technology to enhance the security of the systems we run on behalf of the American people,” Bossert wrote. The president also solidified sanctions against Russian hackers, and the government has continued to share vulnerabilities with developers, he wrote.

Bossert denounced North Korea and its growing status as a threat beyond the nuclear realm.

“It is increasingly using cyberattacks to fund its reckless behavior and cause disruption across the world,” he wrote. “Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.”

The administration said it did not “make this allegation lightly,” noting the claim is “based on evidence.” Bossert pointed to the UK, Microsoft, and other private companies that have already targeted the rogue state as the force behind WannaCry. The surging connectivity of the world provides fertile ground for “bad actors” to commit such crimes, “relying on the complex world of ones and zeros to hide their hand,” he added.

The White House has punished other cybercriminals for their actions, including those from Russia, Iran, Canada, and China, he said. He said more indictments will come.

Although WannaCry pounded institutions across the world, government reports from the US and the UK have also cast blame on the poor state of cybersecurity in healthcare. Indeed, a member of a related task force told Healthcare Analytics News™ this fall that most healthcare organizations lack a single qualified person to defend against, say, a new WannaCry strain.