White House blames North Korea for WannaCry ransomware outbreak

The Trump administration officially blamed North Korea Monday night for launching the global ransomware attack in May known as "WannaCry."
Kim Il-Sung Square, Pyongyang North Korea

The U.S. government officially blamed North Korea for launching a global ransomware attack that is commonly known as “WannaCry.”

Homeland Security Adviser Thomas Bossert took North Korea to task in a Wall Street Journal editorial published Monday night, calling the May attack that impacted more than 300,000 machines in 150 countries “indiscriminately reckless.”

“Cybersecurity isn’t easy, but simple principles still apply. Accountability is one, cooperation another,” Bossert wrote. “They are the cornerstones of security and resilience in any society. In furtherance of both, and after careful investigation, the U.S. today publicly attributes the massive ‘WannaCry’ cyberattack to North Korea.”

Bossert’s comments mark the first time the U.S. government has publicly linked a group to WannaCry. Both the U.K. government and private cybersecurity industry linked the attack to North Korea months ago.


Bossert’s editorial comes hours after the release of the White House’s highly anticipated National Security Strategy, a broadly written plan highlighting the Trump administration’s approach to national security matters. The document named North Korea, among other adversarial nations, as a major security threat to the U.S. and its allies.

WannaCry reportedly caused billions of dollars in damage as it affected numerous business sectors and companies around the world. Among the hardest hit were hospitals in the United Kingdom.

Researchers say WannaCry leveraged a software exploitation tool that was taken from the National Security Agency. Known as EternalBlue, the tool allowed the ransomware to spread through vulnerable, internet-connected machines which ran older versions of Microsoft Windows.

Bossert’s editorial makes no mention of EternalBlue’s role in amplifying the malware’s impact.

In most cases, a computer infected with ransomware typically becomes unusable unless the victim pays a ransom, usually in the form of a cryptocurrency. WannaCry, however, represented a unique incident because of the speed and scale by which the malware affected millions of computers.


Additionally, many victims were not able to regain access to their systems because the payment mechanism attached to WannaCry was faulty and often unresponsive.

Senior U.S. government officials often point to North Korea as a “bad actor” in cyberspace. Hackers linked to the regime, for example, have been previously linked to data breaches at major financial institutions and are believe to be responsible for other cyptocurrency-related schemes.

Over the last several years, the U.S. has selectively called out a small number of foreign governments for their role in backing offensive hacking operations aimed at U.S. companies, government agencies or institutions. Monday’s announcement marks the second time North Korea has been named the culprit by the U.S. government, the first being the destructive attack on Sony Pictures in 2014.

Chris Bing

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Marys College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.

Latest Podcasts