The United States is determined to hold North Korea accountable for the “WannaCry” malware attack that struck more than 150 countries last May, crippling hospitals, banks and locking up files and databases, demanding ransom for their release.
“We’re going to shame them for it,” Homeland Security Adviser Tom Bossert told reporters during a White House briefing Tuesday, while admitting there is little that can be done to bring specific perpetrators to justice.
“We do not make this allegation lightly, we do so with evidence and we do so with partners,” Bossert said, noting that many other governments and private companies agreed with the assessment.
WATCH: Cyber attack prevention
“The United Kingdom, Australia, Canada, New Zealand and Japan have seen our analysis and the join us in denouncing North Korea for WannaCry. Commercial partners have also acted. Microsoft traced the attack to the cyber affiliates of the North Korean government, and others in the security community have contributed their analysis.”
Experts say “WannaCry” exploited a vulnerability in some versions of Microsoft’s Windows operating system that had not been updated with security patches.
Bossert, who serves as President Donald Trump’s assistant for homeland security and counterterrorism, lamented that there is not much more that can be done to restrict North Korea’s behavior, considering the Pyongyang regime already faces severe sanctions in many areas.
“The administration has used just about every lever you can use short of starving the North Korean people to death to change their behavior,” he said. “So we don’t have a lot of room left here to apply pressure to change their behavior. It’s nevertheless important to call them out, let them know it’s them and we know it’s them.”
'Corporate partners'
The official applauded the work of Microsoft, Facebook and what he called “other corporate partners” for acting on their own, without government coordination, to disrupt another North Korean hacking attempt last week.
“Microsoft and Facebook and other major tech companies acted to disable a number of North Korean cyber exploits and disrupt their operations as the North Koreans were still infecting computers across the globe. They shut down accounts the North Korean regime attackers used to launch attacks and patched systems,” Bossert said.
Frank Cilluffo, director of the Center for Cyber and Homeland Security at George Washington University, says private firms will have to be at the forefront of efforts to stop foreign cyber attacks in the future.
“Not even the biggest of these companies went into business thinking they had to defend themselves against foreign intelligence services,” Cilluffo told VOA. “So what you saw with Microsoft with respect to North Korea, you’re seeing a lot more activity in terms of botnet takedowns and malware cleanups that the private sector is working on with governments not only in the U.S. but overseas as well."
“Business as usual just ain’t going to cut it,” Cilluffo said.
Pyongyang blamed
Pyongyang had long been suspected of being behind the “WannaCry” attack, which hit entities including the U.S.-based shipping company FedEx, Spanish telecommunications firm Telefonica, and Britain's National Health Service, which forced hospitals to cancel surgeries and divert ambulances to other facilities. The program demanded a ransom to unlock access to files stored on infected machines.
The attack was eventually stopped by a British hacker who discovered a "kill switch" in the code that disabled the virus.
Pyongyang has been blamed for launching several cyberattacks in recent years, including the well-publicized 2014 attack on Sony Pictures Entertainment in retaliation for the company's production of the satirical film The Interview, which depicts an assassination plot against North Korean leader Kim Jong Un.
