But here's the puzzling thing -- Symantec says that despite the links to Lazarus, "the WannaCry attacks do not bear the hallmarks of a nation-state campaign."

Cyberattacks backed by governments "are usually impeccable, they don't make rookie mistakes," said Thakur. "In the case of WannaCry, we saw some of those mistakes."

For example, early versions of WannaCry had a bug in the code that prevented victims from paying the ransom.

While it's possible Lazarus thought they could make a lot of money with WannaCry, "they totally botched it up and got almost nothing," Thakur said.

The ransomware has so far collected about $108,000 in ransom. Security researchers and government agencies advised businesses not to pay the ransom.

Eoin Treacy's view

The latest global ransomware attack might have been botched but that didn’t stop it from causing a great deal of inconvenience for consumers not least in the UK where trains didn’t run and hospital appointments were cancelled. The problem of course is that even if this attempt was not as successful as the originators hoped if will act as inspiration for ambitious criminal organisations to get it right next time. 

The broader point of government intrusion on private communications, the exposure of which helped the WannaCry hackers to develop their attack vector, was thrown into light again in the aftermath of the Manchester bombing. Our deepest sympathies go out to the people of
Manchester and everyone affected by this deed but is a testament to how de rigueur these types of events are that the market didn’t flinch. 

The fight against radicalism is increasingly being fought online. The identity confidence evident in Western society with widening income disparities, lower standards of living and rising populism suggests it is ill equipped to deal effective with this threat. That suggests the response is likely to be on more security and not least online. 

Large public organisations that rely on their computer systems to provide services like hospitals, police departments, public transport, air traffic control, online retailers and international organisations all now have to at least discuss how they are going to respond to future attacks because they are most assuredly on the way. 

The greatest headwind for the cybersecurity sector to date has been that the cost of a breech has been acceptable relative to the cost of investing in the constant surveillance and vigilance necessary to prevent one. Ransomware demands are usually “reasonable” enough to ensure that the cost is not so high as to close off the spigot of opportunity by forcing potential victims to upgrade. That may now be changing because the porous nature of the global internet architecture as it currently stands is increasingly under the spotlight. 

The Purefunds Cyber Security ETF has been in a consistent step sequence uptrend since early 2015 and a sustained move below the trend mean would be required to question medium-term scope for additional upside. 

SAIC, which does the majority of its business with the US government, pulled back sharply in March but has stabilised in the region of $70 and a sustained move above $75 would confirm a return to demand dominance. 

Booz Allen Hamilton is also a major government consultant and remains in a consistent medium-term uptrend; breaking out to new highs this week. 

Fireeye broke successfully above the 200-day MA at the beginning of the month and a sustained move below it would be required to question medium-term scope for additional upside.