A hacking group linked to North Korea is thought to be behind the cyber attack that wreaked havoc across the globe, according to security experts. Analysts from security firms Symantec and Kaspersky revealed that they are looking into technical clues suggesting the Lazarus Group created the virus. The ransomware - which encrypts victims' files then demands a fee to unlock them - left Britain's health service crippled as computer systems and phone lines across the country shut down on Friday.
The NHS is still struggling to get back on its feet following the attack, which means patients could have to wait a month or more to see a doctor after countless operations and appointments were cancelled.
+13
The global cyber attack brought the NHS to its knees on Friday and over the weekend
Symantec and Kaspersky said code in an earlier version of the WannaCry ransomware had also appeared in other malicious software created by those hackers. The Lazarus Group has already been blamed for a string of hacks dating back to at least 2009, including last year's $81 million heist from Bangladesh's central bank.
The group was also thought to have been behind the 2014 hack of Sony Pictures Entertainment that crippled its network for weeks and a long-running campaign against organizations in South Korea. Researchers from Kaspersky said: 'We believe this might hold the key to solve some of the mysteries around this attack.
+13
The Lazarus Group has repeatedly been linked to North Korea. Pictured is the country's leader Kim Jong-Un
+13
Cyber criminals have hit more than 225,000 victims in 150 countries (pictured) in the biggest hack ever launched - with the NHS one of the hardest hit organisations
+13
The NHS has been hit by a major cyber attack hitting computers, phones and emergency bleepers in hospitals and GP surgeries
'We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of Wannacry. 'Looking back to the Bangladesh attack, in the early days, there were very few facts linking them to the Lazarus group. 'In time, more evidence appeared and allowed us, and others, to link them together with high confidence. Further research can be crucial to connecting the dots.' The North Korean mission to the United Nations was not immediately available for comment.
+13
The ransomware hit computers around the globe including in Germany where the rail network was infected
+13
The virus infection resulted in a ransom message appearing on screens across the German rail network creating 'massive disturbances'
During the chaos in Britain over the weekend countless operations were cancelled and patients were turned away as 45 NHS organisations and trusts and hundreds of GP surgeries were locked out of their computer systems. NHS staff pleaded with patients to stay away from A&E except in an emergency, and ambulances were diverted away from hospitals struggling to cope, with medics facing a weekend of chaos. Meanwhile Russia was believed to be the worst affected country with computers in its interior ministry hit and its second largest phone network - Megafon - also targeted.
Ticketing machines and computers at German railway stations have also been affected alongside Spanish companies including telecoms giant Telefonica, power firm Iberdrola and utility provider Gas Natural. Shipping company FedEx also confirmed it was hit by the attack. Analysis by Elliptic, who have been tracking the Bitcoin accounts linked to the virus, revealed the hackers have been paid around $54,000 (£41,795) in ransom money since Friday.
+13
British computer security expert Marcus Hutchins, 22, discovered the WannaCry super-virus had a 'kill switch' and stopped it infecting 100,000 more PCs worldwide over the weekend
Analysis by Elliptic, which has been tracking the Bitcoin accounts linked to the virus, revealed the hackers have been paid around $54,000 (£40,200) in ransom money since Friday.
British computer security expert Marcus Hutchins, 22, became a hero when he discovered the WannaCry super-virus had a 'kill switch' and stopped it infecting 100,000 more PCs worldwide over the weekend. [h=3]Microsoft blames NSA 'for failing to warn them that Windows was vulnerable'[/h]Microsoft's top lawyer is laying some of the blame for Friday's massive cyberattack at the feet of the U.S. government.
Brad Smith criticised U.S. intelligence agencies, including the CIA and National Security Agency, for 'stockpiling' software code that can be used by hackers.
Cybersecurity experts say the unknown hackers who launched this weekend's 'ransomware' attacks used a vulnerability that was exposed in NSA documents leaked online.
In a post on Microsoft's blog, Smith says: 'An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.'
Now the cyber criminals, who hit more than 225,000 victims in 150 countries in the biggest hack ever launched, have re-written their malware to remove the flaw discovered by Mr Hutchins. Britain's FBI - the National Crime Agency (NCA) - said people must be prepared for a 'second surge' of malware - but it is yet to happen on the scale seen on Friday. Rob Holmes, an expert from cyber security company Proofpoint, told the BBC: 'We're already starting to see new versions of the ransomware without the master kill switch'. Earlier, Russian President Vladimir Putin blamed US intelligence services for a 'ransomware' attack that has wrecked havoc around the globe. Putin said intelligence services should beware of creating software that can later be used for malicious means. 'As regards the source of these threats, I believe that the leadership of Microsoft have announced this plainly, that the initial source of the virus is the intelligence services of the United States,' Putin said on Monday. 'Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators,' he told reporters in Beijing. Putin claimed there was no significant damage to Russian institutions, including its banking and healthcare systems, from the computer worm.
+13
Police at Southport Hospital following the NHS cyber attack on Friday where ambulances were diverted to other hospitals
'But as a whole it is worrying, there's nothing good about it, it is a source of concern,' he said. 'So this question should be discussed immediately on a serious political level and a defence needs to be worked out from such phenomena.' The Russian leader that the Kremlin was not behind the attack. In the US, the FBI and National Security Agency were trying to identify the perpetrators behind the massive cyber attack.
[h=3]Mother's praise for staff who defied cyber attack to deliver her twins[/h]A mother who gave birth to twin girls in the midst of the ransomware cyber attack has praised staff who cared for her.
Cheryl McNulty had a high risk pregnancy as she had a condition called placenta praevia, and her babies had to be delivered several weeks early on Saturday morning.
They were born in the early hours at 3.12am and 3.13am at an NHS Lanarkshire hospital.
The health board was one of dozens around the UK affected by the unprecedented cyber attack which hit scores of countries on Friday.
+13
Cheryl McNulty, right, is pictured with her partner Scott and their twin babies who were born in the midst of the cyber attack with the help of midwife Alison Stark, pictured centre
Ms McNulty said:'If they hadn't explained to me about the cyber attack, I wouldn't have been aware that there were any issues.
'The only thing I noticed was that everything was done on paper rather than a computer.
'From my point of view, it didn't have any impact on my patient experience at all.
'I couldn't say a bad word about the care that I received. It was such a positive experience.'
Ms McNulty and her partner Scott Wright are now choosing names for their daughters, who were born by caesarean section when Ms McNulty was 34 weeks and six days pregnant.
The couple, from Bellshill in North Lanarkshire, hope to be able to go home as a family soon.
The revelations come just one day after Kim Jong-Un fired a ballistic missile 500 miles into the Sea of Japan in the latest show of force amid tensions with the US. The launch took place in the Kusong region located northwest of the capital, Pyongyang, where the North previously test-launched an intermediate-range missile it is believed to be developing. The missile is thought to have landed in water 60 miles south of Russia's Vladivostok region, home of the Russian Pacific Fleet - although the Russian defense ministry said it had landed 310 miles off the coast.
+13
The launch took place in the Kusong region located northwest of the capital, Pyongyang. A US official said the missile landed in water 60 miles south of Russia's Vladivostok region
+13
A South Korean man watches a television displaying news broadcasts reporting on North Korea's recent ballistic missile launch, at a station in Seoul, South Korea on May 14 May
The projectile was launched at around 5.30am, according to South Korea's Joint Chief of Staff. 'The South and US are analyzing more details about the missile,' it said in a statement without elaborating. US Pacific Command says the flight was not consistent with an intercontinental ballistic missile.
+13
Kim Jong-Un is pictured visiting a tools and utensils exhibition in this photo released by North Korea's Korean Central News Agency (KCNA) on May 13
+13
Ballistic missiles are displayed during a military parade in Pyongyang in this April 15 picture
Japan's defense minister Tomomi Inada told reporters there is a possibility that it was a new type of ballistic missile, saying it flew Sunday for about 30 minutes and at an altitude exceeding 1,240 miles. She says more analysis was needed. Japanese officials said the missile landed in the Sea of Japan but outside the country's exclusive economic zone. Kim Dong-yub, an expert at Kyungnam University's Institute of Far Eastern Studies in Seoul, said he estimated a standard trajectory firing would give it a range of 3,700 miles, meaning it would be capable of reaching Hawaii. The launch is the first in two weeks since the last attempt ended in a failure just minutes into flight.
DEVASTATED: Jess Laughton cried after being told that her operation had been cancelled
A former star gymnast left bedbound by a rare syndrome has been left shattered after a life-changing operation to have her leg amputated was cancelled by the NHS cyber attack.
Jess Laughton, 23, had been waiting several months to undergo surgery and, just two weeks ago, got the green light for the operation at a hospital in Blackpool.
However, after driving across the country on Friday and having blood tests and the necessary pre-op procedures, Miss Laughton was told the planned amputation of her limb had been cancelled because of the hackers, who caused widespread disruption across the UK.
She said: "It was about 5pm that night and an anaesthesist came in and said 'have you been watching the news?' He said there had been a cyber attack and we have had to cancel all the operations.
"My mum and stepdad were there with me too and we all just fell silent. We didn't know what to say - it was the last thing we were all expecting after counting down the days and the hours.
image: http://www.hulldailymail.co.uk/images/localworld/ugc-images/276270/binaries/33242776.jpg
DREAM: Jess has been hoping to have her left leg amputated
"I was gutted - I just cried and cried. I've not cried as much as that in a long time."
Miss Laughton, who suffers from Complex Regional Pain Syndrome after breaking her leg 10 years ago when she was a teenager, has since returned to her home in Cranswick, near Driffield. She has not been given another date for when the operation can be carried out.
She has rued the perpetrators behind the massive cyber attack and wants them to be held accountable for the pain they've caused her and other patients.
"It's crazy. They have no idea about the damage they have caused to everyone," she said. "They're the ones sat behind the computer screen and they are not understanding the impact that this has caused.
"We've all called them a few names under the sun but hopefully they get caught and get shown what damage they've caused and they pay for that damage."
[h=4][/h]
Through crowdfunding, Miss Laughton managed to raise over £2,000 to help pay for the amputation, which she says would allow her to use a wheelchair and in turn, regain her independence.
However, her enthusiasm has now been drained after the operation was scrapped and she is daunting the prospect of remaining bed-ridden for the foreseeable future.
She said: "If I'd had the operation, I would have been able to get in a wheelchair because at the moment the vibration of it is too painful.
"It would be so much better than being bedbound and it would have given me a bit of independence. I am struggling being in four walls and not seeing an end to all of this.
image: http://www.hulldailymail.co.uk/images/localworld/ugc-images/276270/binaries/33242423.JPG
"It's been hard seeing the impact that it is having on my mum and my stepdad too because they're the ones who took care of me. It's taking it out on them and it's not fair because they need to have lives too.
"This was my chance to finally get some normality and independence back."
Blackpool Victoria Hospital, which is where the amputation was due to be carried out, couldn't comment on the cancellation because Miss Laughton was a private patient. Hospitals in Hull and East Yorkshire were affected by Friday's attack with all incoming emails and web mail blocked by the hackers who warned NHS staff in Ransomware notes that all files would be deleted unless $300 in Bitcoin is paid.
