US authorities have charged Park Jin Hyok, a North Korean programmer, for his alleged involvement in carrying out multiple cyber intrusions around the world, including the WannaCry attack from May 2017 that spread to more than 200,000 computers in over 100 countries.

In the UK, WannaCry crippled NHS systems, with a National Audit Office investigation finding services at more than 80 out of 236 NHS trusts were disrupted, and thousands of appointments and operations were cancelled all over the country.

In October last year, however, the NAO said the Department of Health and NHS England did not know ‘the full extent of the disruption’.

The charges against the North Korean citizen come after the UK National Crime Agency’s National Cyber Crime Unit uncovered critical evidence linking the WannaCry attack to other cyber intrusions already being investigated by the FBI.

“We stand with our partners to name the North Korean government as the force behind this destructive global cyber campaign,” FBI Director Christopher Wray said.

The charges were the culmination of extended and complex enquiries made by the NCA and law enforcement partners in the United States, according to Senior Investigating Officer in the UK’s NCA investigation Paul Hoare said.

“Colleagues in the FBI have opened charges against a single defendant alleged to be involved in a conspiracy to conduct high profile cyber attacks – including creating the WannaCry ransomware – that affected the NHS and many other organisations in the UK,” Hoare said.

The North Korean programmer worked for more than a decade for Chosun Expo Joint Venture, and The New York Times reported that intelligence officials believed the company was “a front for the government” as he actually appeared to work for North Korea's Reconnaissance General Bureau.

The publication said the US Justice Department believed other North Korean citizens were also involved in the cyber-attacks named in the criminal complaint, but the government thought it only had enough evidence to convict Park beyond a reasonable doubt.

“The ransomware attacks that affected the UK appear to be part of a series, and it’s right that they are prosecuted together to show the full scale of offending,” NCA Director General of Operations Steve Rodhouse said.

“The collaboration between UK and US law enforcement has been strong and effective and these charges show that we will not tire in our efforts to identify those who believe they can hide behind a computer and cause havoc across the world, regardless of their motivation or status

“The past year has shown that cyber attacks have real-world consequences and can cause enormous reputational and financial damage to businesses of all sizes. The Wannacry attack highlighted that cyber crime affects not just the country’s prosperity and security, but also affects our everyday way of life.

“The distinction between nation states and criminal groups in terms of cyber crime is becoming frequently more blurred and today’s charges are a significant step forward in our investigation.

Looking at the NHS, the WannaCry ransomware uncovered a series of shortcomings as official investigations indicated that the cyber-attack could have been prevented by following basic IT security best practice. 

Speaking earlier this month, Health and Social Care Secretary Matt Hancock said improvements had been made since WannaCry, but he acknowledged that NHS cybersecurity needed further “work and board-level attention”.

A version of this story was originally published on BJ-HC, a sister publication to HITNA.




White papers