Cyber-attackers unleashed malware last week that encrypts victims' files and demands a ransom for decryption.
Now, officials and researchers believe the hackers responsible are amateurs from North Korea.
Originally, the consensus was that those responsible for unleashing decidedly the most prolific ransomware the cyber community has ever seen were members of any number of criminal gangs around the world, because it is their M.O. to use some form of ransomware to extort civilians.
This is opposed to the alternative possibility of a government having deployed the malware.
Now, officials say they cannot overlook the likelihood of amateurs from North Korea being responsible.
The code used for these cyber-attacks has dealt considerable damage internationally, but researchers say that it isn't necessarily complex.
It is now said to pale in comparison to Stuxnet, software developed jointly by Israel and the United States to target Iran's nuclear program.
Researchers have noted that the malware overlaps with an earlier version of itself that used a tool that was once exclusively deployed by a North Korean gang called Lazarus.
BBC News reported that this ransomware has been described by experts as "devious rather than sophisticated." Its devious nature is recognized in how it spreads its code using a replicating worm tunneling from system to system.
Experts have yet to determine how the ransomware was initially launched. In investigating, they are searching for the first machine to be infected, a computer they call "patient zero." Finding it helps them figure out the delivery method of the virus because it is from patient zero that the malware spread like a virus to computers on the same network while also finding ways to reach outside computers connected to said network.
A British firm called Elliptic cooperates with law enforcement to trace ransomware payments. Their experts report that they have confirmed that victims have made payments in Bitcoins (electronic currency) to a small number of Bitcoin wallets.
A cyber-security consulting company claims it knows of victims who paid the ransom yet have not seen their files decrypted so far. This leads some to think the attackers may actually be amateurs who do not fully understand what they've done or how they've done it. In the English-speaking hacker community, such cyber-attackers are referred to as "script kiddies" for following the so-called script of how to use code or software that they do not understand.