Other cybersecurity experts question the Pyongyang angle on different grounds.
James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, a cybersecurity think tank, argues that the evidence remains “circumstantial at best,” and believes WannaCry spread due to luck and negligence, not sophistication.
“While it is possible that the Lazarus group is behind the WannaCry malware, the likelihood of that attribution proving correct is dubious,” he wrote in a recent blog post laying out his case. “It remains more probable that the authors of WannaCry borrowed code from Lazarus or a similar source.”
Scott said he believes North Korea would likely have attacked more strategic targets — two of the hardest-hit countries, China and Russia, are the North’s closest strategic allies — or tried to capture more significant profits.
Very few victims of the WannaCry attack appear to have actually paid up. As of Friday, only $91,000 had been deposited in the three Bitcoin “wallet” accounts associated with the ransom demands, according to London-based Elliptic Enterprises, which tracks illicit Bitcoin activity.
