Sony hackers accused of having a new ransomware side hustle

Crime doesn't pay. Well, unless it's your side hustle when you're not working as a hacker for the North Korean government.

Then it pays. Bitcoin, specifically.

Security experts researching the ransomware WannaCry have zeroed in on a group they believe to be responsible for the attack that encrypted computers around the globe. It's known as Lazarus, and you may already be familiar with what is thought to be their greatest hit: the 2014 Sony Pictures hack.

But this time around there's a twist. While the 2014 attack was believed to be directed by the North Korean government, clues surrounding the WannaCry ransomware suggest that the hackers have struck out on their own in order to make a little cash on the side.

"Analysis of these early WannaCry attacks by Symantec’s Security Response Team revealed substantial commonalities in the tools, techniques, and infrastructure used by the attackers and those seen in previous Lazarus attacks, making it highly likely that Lazarus was behind the spread of WannaCry," Symantec explains on its blog. "Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign."

So, a hacking group believed to be affiliated with the North Korean government, but not working at the behest of the government, is likely responsible for the WannaCry digital carnage. Got it?

Encrypting your data has never been so easy. Credit: Getty Images

How sure is Symantec of their verdict? Attribution for an attack like this is tricky work, and while it's almost impossible to know with 100 percent certainty, the researchers are standing by their assessment.

"Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access," Symantec Security Response Technical Director Vikram Thakur told Reuters.

And Symantec is not the first to point a finger at Lazarus. Another researcher, Google security researcher Neel Mehta, claimed a similar link — although that was far from definitive.

Interestingly, as The New York Times reports, China has been hit particularly hard by WannaCry. If Chinese government officials determine that a North Korean affiliated group is indeed responsible, one imagines they won't be too happy with their ally to the east.

But hey, it's worth the risk for all that sweet Bitcoin, right? Maybe not. Despite the widespread nature of the attack, only approximately $111,000 in ransom has been paid to the three Bitcoin addresses associated with the ransomware at the time of this writing. And it won't be easy to convert the ransom into cash.

So if the Lazarus hackers did strike out on their own with the goal of hitting digital pay-dirt, they may be dissatisfied with the result. But that's OK — there are plenty of other stolen NSA exploits for them to play with.