WASHINGTON (CBS) — North Korea is behind the WannaCry cyberattack that plagued multiple industries earlier this year — including hospitals, financial systems and other companies — according to an op-ed published Monday night by White House homeland security adviser Tom Bossert. Writing for the Wall Street Journal, Bossert says “the attack was widespread and cost billions, and North Korea is directly responsible.”
Bossert goes on to say: “[WannaCry] encrypted and rendered useless hundreds of thousands of computers … while victims received ransom demands, paying did not unlock their computers. It was cowardly, costly, and careless.”
Also in the op-ed, Bossert says the allegation that North Korea is the culprit was made lightly, but based on evidence.
“Other governments and private companies agree,” he wrote. “The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”
Bossert said that North Korea “acted especially badly.”
“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious. WannaCry was indiscriminately reckless,” Bossert wrote.
He also mentioned that anyone who may harm the U.S. would be held accountable:
“As we make the internet safer, we will continue to hold accountable those who harm or threaten us, whether they act alone or on behalf of criminal organizations or hostile nations. Malicious hackers belong in prison, and totalitarian governments should pay a price for their actions.”
Global financial and economic losses from the WannaCry attack that crippled computers in at least 150 countries in May was estimated to be in the billions, making it one of the most damaging incidents involving so-called ransomware.
Cyber risk modeling firm Cyence estimates the potential costs from the hack at $4 billion, while other groups predict losses would be in the hundreds of millions. The attack is likely to make 2017 the worst year for ransomware scams, in which hackers seize control of a company’s or organization’s computers and threaten to destroy data unless payment is made.