Tue May 16, 2017 02:19PM
A photo taken on May 15, 2017 shows staff monitoring the spread of ransomware cyber attacks at the Korea Internet and Security Agency (KISA) in Seoul, South Korea. (AFP photo)
A photo taken on May 15, 2017 shows staff monitoring the spread of ransomware cyber attacks at the Korea Internet and Security Agency (KISA) in Seoul, South Korea. (AFP photo)

The European Union's police agency, Europol, says it still needs to be proven that there was a link between North Korea and a recent cyberattack that locked computers in more than 150 countries.

“We are open to investigate in all directions, but we don't speculate and we cannot confirm this. It's still too early to say anything,” Europol spokesman Jan Op Gen Oorth said on Tuesday, adding, "We are working on it. The investigation is ongoing ... It could come from everywhere, it could come from any country."

Experts said earlier in the day that they had detected signs of a possible North Korean link to "WannaCry", a malware which spread through computers in key European countries and demanded to receive cash from users to release their sensitive files and information.

Computer code posted by Google researcher Neel Mehta showed that there were similarities between the attack last week and a vast hacking effort widely attributed to Pyongyang.

Rob Bertholee, the cyber spy chief in the Netherlands, where the Europol is based, said North Korea could be a major culprit, adding that Pyongyang had always been among certain countries to order such acts of sabotage.

"I think we might have a very capable adversary in North Korea as well," said Bertholee.

Europol elaborated on its past findings about how much hackers had managed to extort money from the victims of the cyberattack, saying some 243 payments of a total of about 63,000 dollars had been made since the start of the attack on May 12. The agency said the number of affected IP addresses around the world on Tuesday was 163,745, meaning that the pace of the attack was slowing.