Investigations continue, with some experts suggesting the WannaCry ransomware campaign has the look of a targeted attack gone wrong. It seems far more indiscriminate in its infection rate, which amounts to a pandemic, than even the best-prepared criminal gang could handle. And the Bitcoin wallets established as repositories for ransom payments don't seem equal to the task either.
There's no clear attribution (yet), but several researchers from Google and elsewhere believe they've discerned a similarity between WannaCry's code and that of some cryptors thought to have been used by the Lazarus Group in 2015. The Lazarus Group, of course, is generally connected to North Korea's government, and has been blamed for the Dark Seoul attacks against South Korea, the Bangladesh Bank fraudulent fund transfer caper, and the wiper attack against Sony Pictures. This attribution is preliminary and very circumstantial, but suggestive: North Korea is thought to see cybercrime as a source of badly needed revenue as Sino-US sanctions bite deeper into the DPRK's economy.
WannaCry's widely expected second wave hasn't, to all appearances, hit (yet). Check Point says it's found a less virulent successor version, and Bitdefender thinks last week's attacks are harbingers of many more to come.
The plaintiffs' bar is expected to be paying close attention to negligent patching in enterprises that suffered from WannaCry, but Microsoft is not generally thought to have much exposure.
US targets were hit, although relatively lightly compared to Russia, China, India, and Britain. Various US security bigwigs again talk of a "Cyber Pearl Harbor."