In an op-ed from Trump’s Homeland Security Advisor
The US has declared North Korea the perpetrator of the widespread and financially devastating WannaCry ransomware cyberattack that rapidly spread across the globe in May, hitting hospitals, companies, and other critical institutions in countries around the world. The announcement came in the form of an op-ed in The Wall Street Journal authored by President Donald Trump’s Homeland Security Advisor, Thomas Bossert.
News of the administration’s announcement was reported earlier today by The Washington Post, which reports that the White House will be issuing a formal statement tomorrow. It was reported back in June that the US National Security Agency was in possession of evidence that pointed to North Korea. Bossert’s op-ed publicly confirms the NSA’s findings with support from evidence gathered by foreign governments, independent cybersecurity firms, and corporations directly hit by the attack.
“We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government,” Bossert writes. “The consequences and repercussions of WannaCry were beyond economic. The malicious software hit computers in the UK’s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk.”
It’s unclear if the Trump administration will use WannaCry as a way to put more pressure on North Korea via sanctions, as is already the situation with the country’s nuclear program. Bossert concludes his op-ed with the line, “We will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise,” suggesting the administration is openly looking into measures it can take to combat North Korea’s capacity for cyberattacks. Bossert also says hackers must continue to receive harsh punishments for cybercrimes and corporations likely to be victims of such attacks should step up security and proactively take measures to fight back against malicious bad actors and foreign governments.